./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4091763342 <...> pid 1685] chdir("./file0") = 0 [pid 1685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1684] <... futex resumed>) = 0 [pid 1684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1684] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1685] <... futex resumed>) = 1 [pid 1685] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1684] <... futex resumed>) = 0 [pid 1684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1684] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1684] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1684] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1688], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1688 [pid 1684] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1684] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1685] <... futex resumed>) = 1 [pid 1685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1688 attached [pid 1688] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1688] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1688] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1684] <... futex resumed>) = 0 [pid 1684] exit_group(0 [pid 1685] <... futex resumed>) = ? [pid 1684] <... exit_group resumed>) = ? [pid 1685] +++ exited with 0 +++ [pid 1688] <... futex resumed>) = ? [pid 1688] +++ exited with 0 +++ [pid 1684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1684, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./264/binderfs") = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1689 ./strace-static-x86_64: Process 1689 attached [pid 1689] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1689] chdir("./265") = 0 [pid 1689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1689] setpgid(0, 0) = 0 [pid 1689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1689] write(3, "1000", 4) = 4 [pid 1689] close(3) = 0 [pid 1689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1689] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1689] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1689] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1690], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1690 [pid 1689] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1689] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1690 attached [pid 1690] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1690] memfd_create("syzkaller", 0) = 3 [pid 1690] ftruncate(3, 2097152) = 0 [pid 1690] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1690] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1690] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1690] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1690] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1690] mkdir("./file0", 0777) = 0 [pid 1690] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1690] ioctl(4, LOOP_CLR_FD) = 0 [pid 1690] close(4) = 0 [pid 1690] close(3) = 0 [pid 1690] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1689] <... futex resumed>) = 0 [pid 1689] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1689] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1690] chdir("./file0") = 0 [pid 1690] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1689] <... futex resumed>) = 0 [pid 1689] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1689] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1690] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1690] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1689] <... futex resumed>) = 0 [pid 1689] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1689] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1689] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1689] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1693], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1693 [pid 1689] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1689] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1690] <... write resumed>) = 61 [pid 1690] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1690] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1693 attached [pid 1693] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1693] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1693] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1689] <... futex resumed>) = 0 [pid 1689] exit_group(0 [pid 1690] <... futex resumed>) = ? [pid 1689] <... exit_group resumed>) = ? [pid 1690] +++ exited with 0 +++ [pid 1693] +++ exited with 0 +++ [pid 1689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1689, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./265/binderfs") = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1694 ./strace-static-x86_64: Process 1694 attached [pid 1694] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1694] chdir("./266") = 0 [pid 1694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1694] setpgid(0, 0) = 0 [pid 1694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1694] write(3, "1000", 4) = 4 [pid 1694] close(3) = 0 [pid 1694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1694] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1694] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1694] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1695], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1695 [pid 1694] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1694] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1695 attached [pid 1695] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1695] memfd_create("syzkaller", 0) = 3 [pid 1695] ftruncate(3, 2097152) = 0 [pid 1695] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1695] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1695] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1695] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1695] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1695] mkdir("./file0", 0777) = 0 [pid 1695] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1695] ioctl(4, LOOP_CLR_FD) = 0 [pid 1695] close(4) = 0 [pid 1695] close(3) = 0 [pid 1695] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1694] <... futex resumed>) = 0 [pid 1694] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1694] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1695] <... futex resumed>) = 1 [pid 1695] chdir("./file0") = 0 [pid 1695] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1694] <... futex resumed>) = 0 [pid 1694] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1694] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1695] <... futex resumed>) = 1 [pid 1695] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1695] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1694] <... futex resumed>) = 0 [pid 1695] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1694] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1694] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1694] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1694] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1698], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1698 [pid 1694] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1694] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1695] <... futex resumed>) = 0 [pid 1695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1695] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1695] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1698 attached [pid 1698] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1698] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1698] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1694] <... futex resumed>) = 0 [pid 1694] exit_group(0 [pid 1695] <... futex resumed>) = ? [pid 1694] <... exit_group resumed>) = ? [pid 1695] +++ exited with 0 +++ [pid 1698] <... futex resumed>) = ? [pid 1698] +++ exited with 0 +++ [pid 1694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1694, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./266/binderfs") = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1699 ./strace-static-x86_64: Process 1699 attached [pid 1699] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1699] chdir("./267") = 0 [pid 1699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1699] setpgid(0, 0) = 0 [pid 1699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1699] write(3, "1000", 4) = 4 [pid 1699] close(3) = 0 [pid 1699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1699] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1699] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1699] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1700], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1700 ./strace-static-x86_64: Process 1700 attached [pid 1699] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1700] set_robust_list(0x7f697cdef9e0, 24 [pid 1699] <... futex resumed>) = 0 [pid 1699] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1700] <... set_robust_list resumed>) = 0 [pid 1700] memfd_create("syzkaller", 0) = 3 [pid 1700] ftruncate(3, 2097152) = 0 [pid 1700] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1700] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1700] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1700] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1700] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1700] mkdir("./file0", 0777) = 0 [pid 1700] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1700] ioctl(4, LOOP_CLR_FD) = 0 [pid 1700] close(4) = 0 [pid 1700] close(3) = 0 [pid 1700] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1699] <... futex resumed>) = 0 [pid 1699] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1700] chdir("./file0" [pid 1699] <... futex resumed>) = 0 [pid 1699] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1700] <... chdir resumed>) = 0 [pid 1700] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... futex resumed>) = 0 [pid 1700] <... futex resumed>) = 1 [pid 1700] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1699] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1699] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1700] <... openat resumed>) = 3 [pid 1700] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1699] <... futex resumed>) = 0 [pid 1699] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1699] <... futex resumed>) = 0 [pid 1699] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1699] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1699] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1703 attached [pid 1703] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1703] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1699] <... clone resumed>, parent_tid=[1703], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1703 [pid 1699] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1700] <... write resumed>) = 61 [pid 1699] <... futex resumed>) = 1 [pid 1700] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1700] <... futex resumed>) = 0 [pid 1700] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1703] <... futex resumed>) = 0 [pid 1703] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1703] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... futex resumed>) = 0 [pid 1699] exit_group(0) = ? [pid 1700] <... futex resumed>) = ? [pid 1700] +++ exited with 0 +++ [pid 1703] <... futex resumed>) = ? [pid 1703] +++ exited with 0 +++ [pid 1699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1699, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./267/binderfs") = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1704 ./strace-static-x86_64: Process 1704 attached [pid 1704] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1704] chdir("./268") = 0 [pid 1704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1704] setpgid(0, 0) = 0 [pid 1704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1704] write(3, "1000", 4) = 4 [pid 1704] close(3) = 0 [pid 1704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1704] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1704] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1704] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1705], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1705 [pid 1704] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1705 attached [pid 1705] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1705] memfd_create("syzkaller", 0) = 3 [pid 1705] ftruncate(3, 2097152) = 0 [pid 1705] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1705] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1705] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1705] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1705] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1705] mkdir("./file0", 0777) = 0 [pid 1705] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1705] ioctl(4, LOOP_CLR_FD) = 0 [pid 1705] close(4) = 0 [pid 1705] close(3) = 0 [pid 1705] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1704] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1705] <... futex resumed>) = 1 [pid 1705] chdir("./file0") = 0 [pid 1705] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1704] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1705] <... futex resumed>) = 1 [pid 1705] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1705] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1704] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1704] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1704] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1708], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1708 [pid 1704] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1705] <... futex resumed>) = 1 [pid 1705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1705] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1705] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1708 attached [pid 1708] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1708] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1708] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1704] exit_group(0 [pid 1705] <... futex resumed>) = ? [pid 1704] <... exit_group resumed>) = ? [pid 1705] +++ exited with 0 +++ [pid 1708] <... futex resumed>) = ? [pid 1708] +++ exited with 0 +++ [pid 1704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1704, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./268/binderfs") = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1709 ./strace-static-x86_64: Process 1709 attached [pid 1709] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1709] chdir("./269") = 0 [pid 1709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1709] setpgid(0, 0) = 0 [pid 1709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1709] write(3, "1000", 4) = 4 [pid 1709] close(3) = 0 [pid 1709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1709] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1709] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1709] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1710], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1710 [pid 1709] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1710 attached [pid 1710] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1710] memfd_create("syzkaller", 0) = 3 [pid 1710] ftruncate(3, 2097152) = 0 [pid 1710] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1710] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1710] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1710] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1710] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1710] mkdir("./file0", 0777) = 0 [pid 1710] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1710] ioctl(4, LOOP_CLR_FD) = 0 [pid 1710] close(4) = 0 [pid 1710] close(3) = 0 [pid 1710] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1709] <... futex resumed>) = 0 [pid 1709] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1710] <... futex resumed>) = 1 [pid 1710] chdir("./file0") = 0 [pid 1710] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1709] <... futex resumed>) = 0 [pid 1709] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1710] <... futex resumed>) = 1 [pid 1710] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1710] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1709] <... futex resumed>) = 0 [pid 1709] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1709] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1709] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1713], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1713 [pid 1709] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1709] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1713 attached [pid 1710] <... futex resumed>) = 1 [pid 1713] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1713] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1710] <... write resumed>) = 61 [pid 1713] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1710] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1713] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1710] <... futex resumed>) = 0 [pid 1713] <... futex resumed>) = 1 [pid 1710] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1709] <... futex resumed>) = 0 [pid 1709] exit_group(0) = ? [pid 1710] <... futex resumed>) = ? [pid 1713] +++ exited with 0 +++ [pid 1710] +++ exited with 0 +++ [pid 1709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1709, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./269/binderfs") = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1714 ./strace-static-x86_64: Process 1714 attached [pid 1714] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1714] chdir("./270") = 0 [pid 1714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1714] setpgid(0, 0) = 0 [pid 1714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1714] write(3, "1000", 4) = 4 [pid 1714] close(3) = 0 [pid 1714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1714] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1714] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1714] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1715 attached [pid 1715] set_robust_list(0x7f697cdef9e0, 24 [pid 1714] <... clone resumed>, parent_tid=[1715], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1715 [pid 1715] <... set_robust_list resumed>) = 0 [pid 1714] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1715] memfd_create("syzkaller", 0) = 3 [pid 1715] ftruncate(3, 2097152) = 0 [pid 1715] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1715] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1715] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1715] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1715] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1715] mkdir("./file0", 0777) = 0 [pid 1715] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1715] ioctl(4, LOOP_CLR_FD) = 0 [pid 1715] close(4) = 0 [pid 1715] close(3) = 0 [pid 1715] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... futex resumed>) = 0 [pid 1714] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1715] <... futex resumed>) = 1 [pid 1715] chdir("./file0") = 0 [pid 1715] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... futex resumed>) = 0 [pid 1714] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1715] <... futex resumed>) = 1 [pid 1715] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1715] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... futex resumed>) = 0 [pid 1714] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1714] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1714] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1718], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1718 [pid 1714] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1715] <... futex resumed>) = 1 [pid 1715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1715] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1715] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1718 attached [pid 1718] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1718] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1718] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... futex resumed>) = 0 [pid 1714] exit_group(0) = ? [pid 1715] <... futex resumed>) = ? [pid 1715] +++ exited with 0 +++ [pid 1718] <... futex resumed>) = ? [pid 1718] +++ exited with 0 +++ [pid 1714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1714, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./270/binderfs") = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1719 ./strace-static-x86_64: Process 1719 attached [pid 1719] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1719] chdir("./271") = 0 [pid 1719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1719] setpgid(0, 0) = 0 [pid 1719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1719] write(3, "1000", 4) = 4 [pid 1719] close(3) = 0 [pid 1719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1719] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1719] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1719] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1720], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1720 [pid 1719] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1719] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1720 attached [pid 1720] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1720] memfd_create("syzkaller", 0) = 3 [pid 1720] ftruncate(3, 2097152) = 0 [pid 1720] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1720] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1720] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1720] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1720] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1720] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1720] mkdir("./file0", 0777) = 0 [pid 1720] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1720] ioctl(4, LOOP_CLR_FD) = 0 [pid 1720] close(4) = 0 [pid 1720] close(3) = 0 [pid 1720] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1720] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1719] <... futex resumed>) = 0 [pid 1719] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1720] <... futex resumed>) = 0 [pid 1720] chdir("./file0") = 0 [pid 1720] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] <... futex resumed>) = 0 [pid 1720] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1719] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1719] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1720] <... openat resumed>) = 3 [pid 1720] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] <... futex resumed>) = 0 [pid 1720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1719] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1720] <... write resumed>) = 61 [pid 1719] <... futex resumed>) = 0 [pid 1720] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1719] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1720] <... futex resumed>) = 0 [pid 1719] <... futex resumed>) = 0 [pid 1720] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1719] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1719] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1723 attached , parent_tid=[1723], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1723 [pid 1719] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1719] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1723] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1723] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1723] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1719] <... futex resumed>) = 0 [pid 1719] exit_group(0 [pid 1720] <... futex resumed>) = ? [pid 1719] <... exit_group resumed>) = ? [pid 1720] +++ exited with 0 +++ [pid 1723] <... futex resumed>) = ? [pid 1723] +++ exited with 0 +++ [pid 1719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1719, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./271/binderfs") = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1724 ./strace-static-x86_64: Process 1724 attached [pid 1724] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1724] chdir("./272") = 0 [pid 1724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1724] setpgid(0, 0) = 0 [pid 1724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1724] write(3, "1000", 4) = 4 [pid 1724] close(3) = 0 [pid 1724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1724] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1724] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1724] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1725], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1725 [pid 1724] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1725 attached [pid 1725] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1725] memfd_create("syzkaller", 0) = 3 [pid 1725] ftruncate(3, 2097152) = 0 [pid 1725] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1725] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1725] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1725] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1725] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1725] mkdir("./file0", 0777) = 0 [pid 1725] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1725] ioctl(4, LOOP_CLR_FD) = 0 [pid 1725] close(4) = 0 [pid 1725] close(3) = 0 [pid 1725] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1724] <... futex resumed>) = 0 [pid 1724] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1725] chdir("./file0") = 0 [pid 1725] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1724] <... futex resumed>) = 0 [pid 1724] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1725] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1725] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1724] <... futex resumed>) = 0 [pid 1725] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1724] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1724] <... futex resumed>) = 0 [pid 1725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1724] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1725] <... write resumed>) = 61 [pid 1724] <... mmap resumed>) = 0x7f697cdae000 [pid 1725] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1724] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1725] <... futex resumed>) = 0 [pid 1724] <... mprotect resumed>) = 0 [pid 1725] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1724] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1728 attached , parent_tid=[1728], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1728 [pid 1724] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1728] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1728] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1728] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1724] <... futex resumed>) = 0 [pid 1728] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1724] exit_group(0) = ? [pid 1725] <... futex resumed>) = ? [pid 1725] +++ exited with 0 +++ [pid 1728] <... futex resumed>) = ? [pid 1728] +++ exited with 0 +++ [pid 1724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1724, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./272/binderfs") = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1729 ./strace-static-x86_64: Process 1729 attached [pid 1729] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1729] chdir("./273") = 0 [pid 1729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1729] setpgid(0, 0) = 0 [pid 1729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1729] write(3, "1000", 4) = 4 [pid 1729] close(3) = 0 [pid 1729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1729] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1729] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1729] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1730], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1730 [pid 1729] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1729] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1730 attached [pid 1730] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1730] memfd_create("syzkaller", 0) = 3 [pid 1730] ftruncate(3, 2097152) = 0 [pid 1730] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1730] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1730] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1730] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1730] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1730] mkdir("./file0", 0777) = 0 [pid 1730] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1730] ioctl(4, LOOP_CLR_FD) = 0 [pid 1730] close(4) = 0 [pid 1730] close(3) = 0 [pid 1730] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1729] <... futex resumed>) = 0 [pid 1729] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1730] chdir("./file0") = 0 [pid 1729] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1730] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1730] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1729] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1729] <... futex resumed>) = 0 [pid 1729] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1730] <... openat resumed>) = 3 [pid 1730] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1729] <... futex resumed>) = 0 [pid 1730] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1729] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... futex resumed>) = 0 [pid 1729] <... futex resumed>) = 1 [pid 1730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1729] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... write resumed>) = 61 [pid 1729] <... futex resumed>) = 0 [pid 1730] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1730] <... futex resumed>) = 0 [pid 1729] <... mmap resumed>) = 0x7f697cdae000 [pid 1730] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1729] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1729] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1733], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1733 [pid 1729] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1729] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1733 attached [pid 1733] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1733] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1733] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] <... futex resumed>) = 0 [pid 1729] exit_group(0 [pid 1730] <... futex resumed>) = ? [pid 1729] <... exit_group resumed>) = ? [pid 1730] +++ exited with 0 +++ [pid 1733] <... futex resumed>) = ? [pid 1733] +++ exited with 0 +++ [pid 1729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1729, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./273/binderfs") = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1734 ./strace-static-x86_64: Process 1734 attached [pid 1734] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1734] chdir("./274") = 0 [pid 1734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1734] setpgid(0, 0) = 0 [pid 1734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1734] write(3, "1000", 4) = 4 [pid 1734] close(3) = 0 [pid 1734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1734] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1734] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1734] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1735 attached [pid 1735] set_robust_list(0x7f697cdef9e0, 24 [pid 1734] <... clone resumed>, parent_tid=[1735], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1735 [pid 1735] <... set_robust_list resumed>) = 0 [pid 1734] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] memfd_create("syzkaller", 0 [pid 1734] <... futex resumed>) = 0 [pid 1734] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1735] <... memfd_create resumed>) = 3 [pid 1735] ftruncate(3, 2097152) = 0 [pid 1735] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1735] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1735] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1735] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1735] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1735] mkdir("./file0", 0777) = 0 [pid 1735] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1735] ioctl(4, LOOP_CLR_FD) = 0 [pid 1735] close(4) = 0 [pid 1735] close(3) = 0 [pid 1735] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1735] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1734] <... futex resumed>) = 0 [pid 1734] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1734] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1735] <... futex resumed>) = 0 [pid 1735] chdir("./file0") = 0 [pid 1735] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] <... futex resumed>) = 0 [pid 1734] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1734] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1735] <... futex resumed>) = 1 [pid 1735] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1735] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] <... futex resumed>) = 0 [pid 1734] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1734] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1734] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1734] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1738 attached , parent_tid=[1738], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1738 [pid 1734] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1734] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1735] <... futex resumed>) = 1 [pid 1738] set_robust_list(0x7f697cdce9e0, 24 [pid 1735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1738] <... set_robust_list resumed>) = 0 [pid 1735] <... write resumed>) = 61 [pid 1735] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1738] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1738] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] <... futex resumed>) = 0 [pid 1734] exit_group(0) = ? [pid 1735] <... futex resumed>) = ? [pid 1735] +++ exited with 0 +++ [pid 1738] <... futex resumed>) = ? [pid 1738] +++ exited with 0 +++ [pid 1734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1734, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./274/binderfs") = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1739 ./strace-static-x86_64: Process 1739 attached [pid 1739] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1739] chdir("./275") = 0 [pid 1739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1739] setpgid(0, 0) = 0 [pid 1739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1739] write(3, "1000", 4) = 4 [pid 1739] close(3) = 0 [pid 1739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1739] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1739] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1739] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1740], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1740 [pid 1739] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1740 attached [pid 1740] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1740] memfd_create("syzkaller", 0) = 3 [pid 1740] ftruncate(3, 2097152) = 0 [pid 1740] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1740] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1740] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1740] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1740] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1740] mkdir("./file0", 0777) = 0 [pid 1740] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1740] ioctl(4, LOOP_CLR_FD) = 0 [pid 1740] close(4) = 0 [pid 1740] close(3) = 0 [pid 1740] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1739] <... futex resumed>) = 0 [pid 1739] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1740] chdir("./file0") = 0 [pid 1740] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1739] <... futex resumed>) = 0 [pid 1739] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1740] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1740] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1739] <... futex resumed>) = 0 [pid 1739] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1739] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1739] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1743], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1743 [pid 1739] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1739] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1740] <... write resumed>) = 61 [pid 1740] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1740] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1743 attached [pid 1743] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1743] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1743] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1739] <... futex resumed>) = 0 [pid 1739] exit_group(0 [pid 1740] <... futex resumed>) = ? [pid 1739] <... exit_group resumed>) = ? [pid 1740] +++ exited with 0 +++ [pid 1743] <... futex resumed>) = ? [pid 1743] +++ exited with 0 +++ [pid 1739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1739, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./275/binderfs") = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1744 ./strace-static-x86_64: Process 1744 attached [pid 1744] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1744] chdir("./276") = 0 [pid 1744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1744] setpgid(0, 0) = 0 [pid 1744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1744] write(3, "1000", 4) = 4 [pid 1744] close(3) = 0 [pid 1744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1744] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1744] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1744] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1745], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1745 [pid 1744] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1745 attached [pid 1745] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1745] memfd_create("syzkaller", 0) = 3 [pid 1745] ftruncate(3, 2097152) = 0 [pid 1745] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1745] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1745] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1745] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1745] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1745] mkdir("./file0", 0777) = 0 [pid 1745] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1745] ioctl(4, LOOP_CLR_FD) = 0 [pid 1745] close(4) = 0 [pid 1745] close(3) = 0 [pid 1745] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1744] <... futex resumed>) = 0 [pid 1744] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1745] <... futex resumed>) = 1 [pid 1745] chdir("./file0") = 0 [pid 1745] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1744] <... futex resumed>) = 0 [pid 1744] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1745] <... futex resumed>) = 1 [pid 1745] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1745] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1744] <... futex resumed>) = 0 [pid 1744] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1744] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1744] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1748], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1748 [pid 1744] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1744] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1745] <... futex resumed>) = 1 [pid 1745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1745] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1745] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1748 attached [pid 1748] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1748] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1748] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1744] <... futex resumed>) = 0 [pid 1744] exit_group(0 [pid 1745] <... futex resumed>) = ? [pid 1744] <... exit_group resumed>) = ? [pid 1745] +++ exited with 0 +++ [pid 1748] <... futex resumed>) = ? [pid 1748] +++ exited with 0 +++ [pid 1744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1744, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./276/binderfs") = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1749 ./strace-static-x86_64: Process 1749 attached [pid 1749] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1749] chdir("./277") = 0 [pid 1749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1749] setpgid(0, 0) = 0 [pid 1749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1749] write(3, "1000", 4) = 4 [pid 1749] close(3) = 0 [pid 1749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1749] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1749] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1749] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1750 attached [pid 1750] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1750] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1749] <... clone resumed>, parent_tid=[1750], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1750 [pid 1749] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1750] <... futex resumed>) = 0 [pid 1750] memfd_create("syzkaller", 0) = 3 [pid 1750] ftruncate(3, 2097152) = 0 [pid 1750] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1750] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1750] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1750] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1750] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1749] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1750] mkdir("./file0", 0777) = 0 [pid 1750] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1750] ioctl(4, LOOP_CLR_FD) = 0 [pid 1750] close(4) = 0 [pid 1750] close(3) = 0 [pid 1750] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... futex resumed>) = 0 [pid 1749] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1749] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1750] <... futex resumed>) = 1 [pid 1750] chdir("./file0") = 0 [pid 1750] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... futex resumed>) = 0 [pid 1749] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1749] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1750] <... futex resumed>) = 1 [pid 1750] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1750] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... futex resumed>) = 0 [pid 1749] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1749] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1749] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1749] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1753], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1753 [pid 1749] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1749] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1750] <... futex resumed>) = 1 [pid 1750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1750] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1750] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1753 attached [pid 1753] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1753] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1753] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... futex resumed>) = 0 [pid 1749] exit_group(0) = ? [pid 1753] <... futex resumed>) = ? [pid 1750] <... futex resumed>) = ? [pid 1750] +++ exited with 0 +++ [pid 1753] +++ exited with 0 +++ [pid 1749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1749, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./277/binderfs") = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1754 ./strace-static-x86_64: Process 1754 attached [pid 1754] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1754] chdir("./278") = 0 [pid 1754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1754] setpgid(0, 0) = 0 [pid 1754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1754] write(3, "1000", 4) = 4 [pid 1754] close(3) = 0 [pid 1754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1754] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1754] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1754] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1755], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1755 [pid 1754] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1755 attached ) = 0 [pid 1755] set_robust_list(0x7f697cdef9e0, 24 [pid 1754] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1755] <... set_robust_list resumed>) = 0 [pid 1755] memfd_create("syzkaller", 0) = 3 [pid 1755] ftruncate(3, 2097152) = 0 [pid 1755] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1755] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1755] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1755] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1755] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1755] mkdir("./file0", 0777) = 0 [pid 1755] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1755] ioctl(4, LOOP_CLR_FD) = 0 [pid 1755] close(4) = 0 [pid 1755] close(3) = 0 [pid 1755] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1755] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1754] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1755] <... futex resumed>) = 0 [pid 1754] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1755] chdir("./file0") = 0 [pid 1755] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1754] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1755] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1754] <... futex resumed>) = 0 [pid 1754] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1755] <... openat resumed>) = 3 [pid 1755] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1754] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1754] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1754] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1758 attached [pid 1758] set_robust_list(0x7f697cdce9e0, 24 [pid 1754] <... clone resumed>, parent_tid=[1758], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1758 [pid 1758] <... set_robust_list resumed>) = 0 [pid 1754] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1758] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1755] <... write resumed>) = 61 [pid 1755] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1755] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1758] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1758] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1758] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1754] exit_group(0) = ? [pid 1755] <... futex resumed>) = ? [pid 1755] +++ exited with 0 +++ [pid 1758] <... futex resumed>) = ? [pid 1758] +++ exited with 0 +++ [pid 1754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1754, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./278/binderfs") = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1759 ./strace-static-x86_64: Process 1759 attached [pid 1759] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1759] chdir("./279") = 0 [pid 1759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1759] setpgid(0, 0) = 0 [pid 1759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1759] write(3, "1000", 4) = 4 [pid 1759] close(3) = 0 [pid 1759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1759] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1759] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1759] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1760], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1760 [pid 1759] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1760 attached [pid 1760] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1760] memfd_create("syzkaller", 0) = 3 [pid 1760] ftruncate(3, 2097152) = 0 [pid 1760] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1760] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1760] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1760] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1760] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1760] mkdir("./file0", 0777) = 0 [pid 1760] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1760] ioctl(4, LOOP_CLR_FD) = 0 [pid 1760] close(4) = 0 [pid 1760] close(3) = 0 [pid 1760] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1759] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] chdir("./file0") = 0 [pid 1760] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1759] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1760] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1759] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1759] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1759] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1763], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1763 [pid 1759] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1759] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1760] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1760] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1763 attached [pid 1763] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1763] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1763] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1759] exit_group(0 [pid 1763] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] <... exit_group resumed>) = ? [pid 1760] <... futex resumed>) = ? [pid 1763] <... futex resumed>) = ? [pid 1760] +++ exited with 0 +++ [pid 1763] +++ exited with 0 +++ [pid 1759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1759, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./279/binderfs") = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1764 ./strace-static-x86_64: Process 1764 attached [pid 1764] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1764] chdir("./280") = 0 [pid 1764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1764] setpgid(0, 0) = 0 [pid 1764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1764] write(3, "1000", 4) = 4 [pid 1764] close(3) = 0 [pid 1764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1764] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1764] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1764] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1765], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1765 [pid 1764] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1764] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1765 attached [pid 1765] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1765] memfd_create("syzkaller", 0) = 3 [pid 1765] ftruncate(3, 2097152) = 0 [pid 1765] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1765] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1765] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1765] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1765] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1765] mkdir("./file0", 0777) = 0 [pid 1765] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1765] ioctl(4, LOOP_CLR_FD) = 0 [pid 1765] close(4) = 0 [pid 1765] close(3) = 0 [pid 1765] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1765] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1764] <... futex resumed>) = 0 [pid 1764] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1764] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1765] <... futex resumed>) = 0 [pid 1765] chdir("./file0") = 0 [pid 1765] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1764] <... futex resumed>) = 0 [pid 1765] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1764] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1764] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1765] <... openat resumed>) = 3 [pid 1765] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1764] <... futex resumed>) = 0 [pid 1765] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1764] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1764] <... futex resumed>) = 0 [pid 1765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1764] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1764] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1765] <... write resumed>) = 61 [pid 1765] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1765] <... futex resumed>) = 0 [pid 1765] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1764] <... clone resumed>, parent_tid=[1768], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1768 [pid 1764] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1764] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1768 attached [pid 1768] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1768] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1768] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1764] <... futex resumed>) = 0 [pid 1768] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1764] exit_group(0) = ? [pid 1768] <... futex resumed>) = ? [pid 1768] +++ exited with 0 +++ [pid 1765] <... futex resumed>) = ? [pid 1765] +++ exited with 0 +++ [pid 1764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1764, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./280/binderfs") = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1769 ./strace-static-x86_64: Process 1769 attached [pid 1769] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1769] chdir("./281") = 0 [pid 1769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1769] setpgid(0, 0) = 0 [pid 1769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1769] write(3, "1000", 4) = 4 [pid 1769] close(3) = 0 [pid 1769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1769] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1769] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1769] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1770], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1770 [pid 1769] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1770 attached [pid 1770] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1770] memfd_create("syzkaller", 0) = 3 [pid 1770] ftruncate(3, 2097152) = 0 [pid 1770] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1770] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1770] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1770] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1770] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1770] mkdir("./file0", 0777) = 0 [pid 1770] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1770] ioctl(4, LOOP_CLR_FD) = 0 [pid 1770] close(4) = 0 [pid 1770] close(3) = 0 [pid 1770] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1769] <... futex resumed>) = 0 [pid 1769] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1770] <... futex resumed>) = 1 [pid 1770] chdir("./file0") = 0 [pid 1770] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1769] <... futex resumed>) = 0 [pid 1769] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1770] <... futex resumed>) = 1 [pid 1770] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1770] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1769] <... futex resumed>) = 0 [pid 1769] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1769] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1769] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1773], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1773 [pid 1769] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1769] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1770] <... futex resumed>) = 1 [pid 1770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 1773 attached ) = 61 [pid 1773] set_robust_list(0x7f697cdce9e0, 24 [pid 1770] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1773] <... set_robust_list resumed>) = 0 [pid 1773] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1770] <... futex resumed>) = 0 [pid 1770] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1773] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1773] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1769] <... futex resumed>) = 0 [pid 1769] exit_group(0) = ? [pid 1770] <... futex resumed>) = ? [pid 1773] <... futex resumed>) = ? [pid 1773] +++ exited with 0 +++ [pid 1770] +++ exited with 0 +++ [pid 1769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1769, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./281/binderfs") = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1774 ./strace-static-x86_64: Process 1774 attached [pid 1774] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1774] chdir("./282") = 0 [pid 1774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1774] setpgid(0, 0) = 0 [pid 1774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1774] write(3, "1000", 4) = 4 [pid 1774] close(3) = 0 [pid 1774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1774] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1774] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1774] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1775], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1775 [pid 1774] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1774] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1775 attached [pid 1775] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1775] memfd_create("syzkaller", 0) = 3 [pid 1775] ftruncate(3, 2097152) = 0 [pid 1775] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1775] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1775] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1775] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1775] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1775] mkdir("./file0", 0777) = 0 [pid 1775] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1775] ioctl(4, LOOP_CLR_FD) = 0 [pid 1775] close(4) = 0 [pid 1775] close(3) = 0 [pid 1775] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1774] <... futex resumed>) = 0 [pid 1774] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1774] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1775] chdir("./file0") = 0 [pid 1775] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1774] <... futex resumed>) = 0 [pid 1774] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1774] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1775] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1775] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1774] <... futex resumed>) = 0 [pid 1774] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1774] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1775] <... write resumed>) = 61 [pid 1774] <... mmap resumed>) = 0x7f697cdae000 [pid 1775] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1774] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1775] <... futex resumed>) = 0 [pid 1774] <... mprotect resumed>) = 0 [pid 1775] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1774] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1778], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1778 [pid 1774] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1774] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1778 attached [pid 1778] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1778] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1778] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1774] <... futex resumed>) = 0 [pid 1774] exit_group(0 [pid 1775] <... futex resumed>) = ? [pid 1774] <... exit_group resumed>) = ? [pid 1775] +++ exited with 0 +++ [pid 1778] <... futex resumed>) = ? [pid 1778] +++ exited with 0 +++ [pid 1774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1774, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./282/binderfs") = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1779 ./strace-static-x86_64: Process 1779 attached [pid 1779] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1779] chdir("./283") = 0 [pid 1779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1779] setpgid(0, 0) = 0 [pid 1779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1779] write(3, "1000", 4) = 4 [pid 1779] close(3) = 0 [pid 1779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1779] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1779] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1779] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1780], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1780 [pid 1779] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1779] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1780 attached [pid 1780] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1780] memfd_create("syzkaller", 0) = 3 [pid 1780] ftruncate(3, 2097152) = 0 [pid 1780] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1780] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1780] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1780] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1780] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1780] mkdir("./file0", 0777) = 0 [pid 1780] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1780] ioctl(4, LOOP_CLR_FD) = 0 [pid 1780] close(4) = 0 [pid 1780] close(3) = 0 [pid 1780] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1779] <... futex resumed>) = 0 [pid 1779] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1779] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1780] chdir("./file0") = 0 [pid 1780] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1779] <... futex resumed>) = 0 [pid 1779] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1780] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1779] <... futex resumed>) = 0 [pid 1780] <... openat resumed>) = 3 [pid 1779] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1780] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1779] <... futex resumed>) = 0 [pid 1780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1779] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1780] <... write resumed>) = 61 [pid 1779] <... futex resumed>) = 0 [pid 1780] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1779] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1780] <... futex resumed>) = 0 [pid 1779] <... futex resumed>) = 0 [pid 1780] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1779] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1779] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1783], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1783 [pid 1779] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1779] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1783 attached [pid 1783] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1783] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1783] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1779] <... futex resumed>) = 0 [pid 1779] exit_group(0 [pid 1780] <... futex resumed>) = ? [pid 1779] <... exit_group resumed>) = ? [pid 1780] +++ exited with 0 +++ [pid 1783] <... futex resumed>) = ? [pid 1783] +++ exited with 0 +++ [pid 1779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1779, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./283/binderfs") = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1784 ./strace-static-x86_64: Process 1784 attached [pid 1784] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1784] chdir("./284") = 0 [pid 1784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1784] setpgid(0, 0) = 0 [pid 1784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1784] write(3, "1000", 4) = 4 [pid 1784] close(3) = 0 [pid 1784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1784] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1784] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1784] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1785 attached , parent_tid=[1785], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1785 [pid 1785] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1785] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1784] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1784] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1785] memfd_create("syzkaller", 0) = 3 [pid 1785] ftruncate(3, 2097152) = 0 [pid 1785] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1785] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1785] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1785] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1785] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1785] mkdir("./file0", 0777) = 0 [pid 1785] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1785] ioctl(4, LOOP_CLR_FD) = 0 [pid 1785] close(4) = 0 [pid 1785] close(3) = 0 [pid 1785] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1784] <... futex resumed>) = 0 [pid 1784] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1785] chdir("./file0") = 0 [pid 1785] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1784] <... futex resumed>) = 0 [pid 1785] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1784] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1785] <... openat resumed>) = 3 [pid 1785] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1784] <... futex resumed>) = 0 [pid 1785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1784] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1784] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1785] <... write resumed>) = 61 [pid 1784] <... mprotect resumed>) = 0 [pid 1785] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1785] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1784] <... clone resumed>, parent_tid=[1788], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1788 [pid 1784] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1788 attached [pid 1788] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1788] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1788] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1784] <... futex resumed>) = 0 [pid 1788] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1784] exit_group(0 [pid 1785] <... futex resumed>) = ? [pid 1784] <... exit_group resumed>) = ? [pid 1788] <... futex resumed>) = ? [pid 1785] +++ exited with 0 +++ [pid 1788] +++ exited with 0 +++ [pid 1784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1784, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./284/binderfs") = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1789 ./strace-static-x86_64: Process 1789 attached [pid 1789] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1789] chdir("./285") = 0 [pid 1789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1789] setpgid(0, 0) = 0 [pid 1789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1789] write(3, "1000", 4) = 4 [pid 1789] close(3) = 0 [pid 1789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1789] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1789] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1789] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1790], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1790 [pid 1789] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1790 attached [pid 1790] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1790] memfd_create("syzkaller", 0) = 3 [pid 1790] ftruncate(3, 2097152) = 0 [pid 1790] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1790] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1790] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1790] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1790] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1790] mkdir("./file0", 0777) = 0 [pid 1790] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1790] ioctl(4, LOOP_CLR_FD) = 0 [pid 1790] close(4) = 0 [pid 1790] close(3) = 0 [pid 1790] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1789] <... futex resumed>) = 0 [pid 1789] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] chdir("./file0") = 0 [pid 1790] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1789] <... futex resumed>) = 0 [pid 1789] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1790] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1789] <... futex resumed>) = 0 [pid 1789] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1789] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1789] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1793], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1793 [pid 1789] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1790] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1790] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1793 attached [pid 1793] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1793] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1793] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1789] <... futex resumed>) = 0 [pid 1793] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1789] exit_group(0) = ? [pid 1790] <... futex resumed>) = ? [pid 1790] +++ exited with 0 +++ [pid 1793] <... futex resumed>) = 230 [pid 1793] +++ exited with 0 +++ [pid 1789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1789, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./285/binderfs") = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1794 ./strace-static-x86_64: Process 1794 attached [pid 1794] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1794] chdir("./286") = 0 [pid 1794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1794] setpgid(0, 0) = 0 [pid 1794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1794] write(3, "1000", 4) = 4 [pid 1794] close(3) = 0 [pid 1794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1794] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1794] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1794] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1795 attached , parent_tid=[1795], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1795 [pid 1795] set_robust_list(0x7f697cdef9e0, 24 [pid 1794] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1795] <... set_robust_list resumed>) = 0 [pid 1795] memfd_create("syzkaller", 0) = 3 [pid 1795] ftruncate(3, 2097152) = 0 [pid 1795] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1795] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1795] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1795] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1795] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1795] mkdir("./file0", 0777) = 0 [pid 1795] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1795] ioctl(4, LOOP_CLR_FD) = 0 [pid 1795] close(4) = 0 [pid 1795] close(3) = 0 [pid 1795] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1794] <... futex resumed>) = 0 [pid 1794] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] chdir("./file0") = 0 [pid 1795] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1794] <... futex resumed>) = 0 [pid 1794] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1795] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1794] <... futex resumed>) = 0 [pid 1794] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1794] <... futex resumed>) = 0 [pid 1794] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] <... write resumed>) = 61 [pid 1794] <... futex resumed>) = 0 [pid 1794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1795] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1794] <... mmap resumed>) = 0x7f697cdae000 [pid 1795] <... futex resumed>) = 0 [pid 1794] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1795] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1794] <... mprotect resumed>) = 0 [pid 1794] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1798], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1798 [pid 1794] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1798 attached [pid 1798] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1798] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1798] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1798] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1794] <... futex resumed>) = 0 [pid 1794] exit_group(0) = ? [pid 1795] <... futex resumed>) = ? [pid 1795] +++ exited with 0 +++ [pid 1798] <... futex resumed>) = ? [pid 1798] +++ exited with 0 +++ [pid 1794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1794, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./286/binderfs") = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1799 ./strace-static-x86_64: Process 1799 attached [pid 1799] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1799] chdir("./287") = 0 [pid 1799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1799] setpgid(0, 0) = 0 [pid 1799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1799] write(3, "1000", 4) = 4 [pid 1799] close(3) = 0 [pid 1799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1799] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1799] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1799] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1800], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1800 [pid 1799] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1800 attached [pid 1800] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1800] memfd_create("syzkaller", 0) = 3 [pid 1800] ftruncate(3, 2097152) = 0 [pid 1800] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1800] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1800] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1800] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1800] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1800] mkdir("./file0", 0777) = 0 [pid 1800] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1800] ioctl(4, LOOP_CLR_FD) = 0 [pid 1800] close(4) = 0 [pid 1800] close(3) = 0 [pid 1800] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1799] <... futex resumed>) = 0 [pid 1799] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1800] <... futex resumed>) = 1 [pid 1800] chdir("./file0") = 0 [pid 1800] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1799] <... futex resumed>) = 0 [pid 1799] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1800] <... futex resumed>) = 1 [pid 1800] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1800] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1799] <... futex resumed>) = 0 [pid 1799] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1799] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1799] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1803], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1803 [pid 1799] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1799] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1800] <... futex resumed>) = 1 [pid 1800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1800] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1800] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1803 attached [pid 1803] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1803] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1803] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1799] <... futex resumed>) = 0 [pid 1799] exit_group(0 [pid 1800] <... futex resumed>) = ? [pid 1799] <... exit_group resumed>) = ? [pid 1800] +++ exited with 0 +++ [pid 1803] <... futex resumed>) = ? [pid 1803] +++ exited with 0 +++ [pid 1799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1799, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./287/binderfs") = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1804 ./strace-static-x86_64: Process 1804 attached [pid 1804] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1804] chdir("./288") = 0 [pid 1804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1804] setpgid(0, 0) = 0 [pid 1804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1804] write(3, "1000", 4) = 4 [pid 1804] close(3) = 0 [pid 1804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1804] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1804] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1804] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1805 attached , parent_tid=[1805], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1805 [pid 1804] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1805] set_robust_list(0x7f697cdef9e0, 24 [pid 1804] <... futex resumed>) = 0 [pid 1805] <... set_robust_list resumed>) = 0 [pid 1804] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1805] memfd_create("syzkaller", 0) = 3 [pid 1805] ftruncate(3, 2097152) = 0 [pid 1805] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1805] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1805] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1805] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1805] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1805] mkdir("./file0", 0777) = 0 [pid 1805] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1805] ioctl(4, LOOP_CLR_FD) = 0 [pid 1805] close(4) = 0 [pid 1805] close(3) = 0 [pid 1805] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1804] <... futex resumed>) = 0 [pid 1804] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1804] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1805] chdir("./file0") = 0 [pid 1805] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1804] <... futex resumed>) = 0 [pid 1804] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1804] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1805] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1805] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1804] <... futex resumed>) = 0 [pid 1804] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1804] <... futex resumed>) = 0 [pid 1804] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1804] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1804] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1808], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1808 [pid 1804] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1804] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1808 attached [pid 1808] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1808] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1808] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1804] <... futex resumed>) = 0 [pid 1808] <... futex resumed>) = 1 [pid 1808] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1805] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1805] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1805] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1804] exit_group(0) = ? [pid 1805] <... futex resumed>) = ? [pid 1805] +++ exited with 0 +++ [pid 1808] <... futex resumed>) = ? [pid 1808] +++ exited with 0 +++ [pid 1804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1804, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./288/binderfs") = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1809 ./strace-static-x86_64: Process 1809 attached [pid 1809] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1809] chdir("./289") = 0 [pid 1809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1809] setpgid(0, 0) = 0 [pid 1809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1809] write(3, "1000", 4) = 4 [pid 1809] close(3) = 0 [pid 1809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1809] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1809] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1809] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1810], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1810 [pid 1809] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1809] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1810 attached [pid 1810] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1810] memfd_create("syzkaller", 0) = 3 [pid 1810] ftruncate(3, 2097152) = 0 [pid 1810] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1810] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1810] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1810] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1810] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1810] mkdir("./file0", 0777) = 0 [pid 1810] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1810] ioctl(4, LOOP_CLR_FD) = 0 [pid 1810] close(4) = 0 [pid 1810] close(3) = 0 [pid 1810] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1809] <... futex resumed>) = 0 [pid 1810] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1809] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1809] <... futex resumed>) = 0 [pid 1810] chdir("./file0" [pid 1809] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1810] <... chdir resumed>) = 0 [pid 1810] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1809] <... futex resumed>) = 0 [pid 1810] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1809] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1809] <... futex resumed>) = 0 [pid 1810] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1809] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1810] <... openat resumed>) = 3 [pid 1810] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1809] <... futex resumed>) = 0 [pid 1810] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1809] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1809] <... futex resumed>) = 0 [pid 1810] <... write resumed>) = 61 [pid 1809] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1810] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1809] <... futex resumed>) = 0 [pid 1810] <... futex resumed>) = 0 [pid 1809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1810] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1809] <... mmap resumed>) = 0x7f697cdae000 [pid 1809] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1809] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1813], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1813 [pid 1809] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1809] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1813 attached [pid 1813] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1813] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1813] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1809] <... futex resumed>) = 0 [pid 1809] exit_group(0 [pid 1810] <... futex resumed>) = ? [pid 1809] <... exit_group resumed>) = ? [pid 1810] +++ exited with 0 +++ [pid 1813] +++ exited with 0 +++ [pid 1809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1809, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./289/binderfs") = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1814 ./strace-static-x86_64: Process 1814 attached [pid 1814] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1814] chdir("./290") = 0 [pid 1814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1814] setpgid(0, 0) = 0 [pid 1814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1814] write(3, "1000", 4) = 4 [pid 1814] close(3) = 0 [pid 1814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1814] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1814] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1814] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1815], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1815 [pid 1814] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1815 attached [pid 1815] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1815] memfd_create("syzkaller", 0) = 3 [pid 1815] ftruncate(3, 2097152) = 0 [pid 1815] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1815] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1815] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1815] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1815] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1815] mkdir("./file0", 0777) = 0 [pid 1815] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1815] ioctl(4, LOOP_CLR_FD) = 0 [pid 1815] close(4) = 0 [pid 1815] close(3) = 0 [pid 1815] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1815] <... futex resumed>) = 1 [pid 1815] chdir("./file0" [pid 1814] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... chdir resumed>) = 0 [pid 1815] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1815] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1815] <... write resumed>) = 61 [pid 1814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1815] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... mmap resumed>) = 0x7f697cdae000 [pid 1815] <... futex resumed>) = 0 [pid 1814] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1815] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1814] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1818], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1818 ./strace-static-x86_64: Process 1818 attached [pid 1814] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] set_robust_list(0x7f697cdce9e0, 24 [pid 1814] <... futex resumed>) = 0 [pid 1818] <... set_robust_list resumed>) = 0 [pid 1814] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1818] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1818] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1818] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1814] exit_group(0) = ? [pid 1815] <... futex resumed>) = ? [pid 1815] +++ exited with 0 +++ [pid 1818] <... futex resumed>) = ? [pid 1818] +++ exited with 0 +++ [pid 1814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1814, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./290/binderfs") = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1819 ./strace-static-x86_64: Process 1819 attached [pid 1819] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1819] chdir("./291") = 0 [pid 1819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1819] setpgid(0, 0) = 0 [pid 1819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1819] write(3, "1000", 4) = 4 [pid 1819] close(3) = 0 [pid 1819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1819] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1819] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1819] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1820], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1820 [pid 1819] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1820 attached [pid 1820] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1820] memfd_create("syzkaller", 0) = 3 [pid 1820] ftruncate(3, 2097152) = 0 [pid 1820] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1820] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1820] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1820] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1820] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1820] mkdir("./file0", 0777) = 0 [pid 1820] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1820] ioctl(4, LOOP_CLR_FD) = 0 [pid 1820] close(4) = 0 [pid 1820] close(3) = 0 [pid 1820] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1819] <... futex resumed>) = 0 [pid 1819] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1820] <... futex resumed>) = 1 [pid 1820] chdir("./file0") = 0 [pid 1820] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1819] <... futex resumed>) = 0 [pid 1819] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1820] <... futex resumed>) = 1 [pid 1820] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1820] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1819] <... futex resumed>) = 0 [pid 1819] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1819] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1819] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1823], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1823 [pid 1819] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1819] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1820] <... futex resumed>) = 1 [pid 1820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1820] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1823 attached [pid 1823] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1823] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1823] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1819] <... futex resumed>) = 0 [pid 1819] exit_group(0 [pid 1820] <... futex resumed>) = ? [pid 1819] <... exit_group resumed>) = ? [pid 1820] +++ exited with 0 +++ [pid 1823] <... futex resumed>) = ? [pid 1823] +++ exited with 0 +++ [pid 1819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1819, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./291/binderfs") = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1824 ./strace-static-x86_64: Process 1824 attached [pid 1824] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1824] chdir("./292") = 0 [pid 1824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1824] setpgid(0, 0) = 0 [pid 1824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1824] write(3, "1000", 4) = 4 [pid 1824] close(3) = 0 [pid 1824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1824] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1824] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1824] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1825], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1825 [pid 1824] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1825 attached [pid 1825] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1825] memfd_create("syzkaller", 0) = 3 [pid 1825] ftruncate(3, 2097152) = 0 [pid 1825] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1825] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1825] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1825] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1825] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1825] mkdir("./file0", 0777) = 0 [pid 1825] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1825] ioctl(4, LOOP_CLR_FD) = 0 [pid 1825] close(4) = 0 [pid 1825] close(3) = 0 [pid 1825] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] <... futex resumed>) = 0 [pid 1824] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1825] <... futex resumed>) = 1 [pid 1825] chdir("./file0") = 0 [pid 1825] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] <... futex resumed>) = 0 [pid 1824] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1825] <... futex resumed>) = 1 [pid 1825] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1825] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] <... futex resumed>) = 0 [pid 1824] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1824] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1824] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1828], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1828 [pid 1824] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1824] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1825] <... futex resumed>) = 1 [pid 1825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1825] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1825] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1828 attached [pid 1828] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1828] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1828] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] <... futex resumed>) = 0 [pid 1824] exit_group(0) = ? [pid 1825] <... futex resumed>) = ? [pid 1825] +++ exited with 0 +++ [pid 1828] <... futex resumed>) = ? [pid 1828] +++ exited with 0 +++ [pid 1824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1824, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./292/binderfs") = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1829 ./strace-static-x86_64: Process 1829 attached [pid 1829] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1829] chdir("./293") = 0 [pid 1829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1829] setpgid(0, 0) = 0 [pid 1829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1829] write(3, "1000", 4) = 4 [pid 1829] close(3) = 0 [pid 1829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1829] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1829] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1829] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1830], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1830 [pid 1829] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1829] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1830 attached [pid 1830] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1830] memfd_create("syzkaller", 0) = 3 [pid 1830] ftruncate(3, 2097152) = 0 [pid 1830] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1830] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1830] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1830] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1830] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1830] mkdir("./file0", 0777) = 0 [pid 1830] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1830] ioctl(4, LOOP_CLR_FD) = 0 [pid 1830] close(4) = 0 [pid 1830] close(3) = 0 [pid 1830] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1829] <... futex resumed>) = 0 [pid 1829] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1829] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1830] chdir("./file0") = 0 [pid 1830] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1829] <... futex resumed>) = 0 [pid 1829] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1829] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1830] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1830] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1829] <... futex resumed>) = 0 [pid 1829] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1829] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1829] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1829] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1833], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1833 [pid 1829] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1829] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1830] <... write resumed>) = 61 [pid 1830] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1830] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1833 attached [pid 1833] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1833] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1833] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1829] <... futex resumed>) = 0 [pid 1829] exit_group(0 [pid 1830] <... futex resumed>) = ? [pid 1829] <... exit_group resumed>) = ? [pid 1830] +++ exited with 0 +++ [pid 1833] <... futex resumed>) = ? [pid 1833] +++ exited with 0 +++ [pid 1829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1829, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./293/binderfs") = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1834 ./strace-static-x86_64: Process 1834 attached [pid 1834] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1834] chdir("./294") = 0 [pid 1834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1834] setpgid(0, 0) = 0 [pid 1834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1834] write(3, "1000", 4) = 4 [pid 1834] close(3) = 0 [pid 1834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1834] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1834] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1834] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1835], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1835 [pid 1834] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1834] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1835 attached [pid 1835] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1835] memfd_create("syzkaller", 0) = 3 [pid 1835] ftruncate(3, 2097152) = 0 [pid 1835] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1835] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1835] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1835] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1835] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1835] mkdir("./file0", 0777) = 0 [pid 1835] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1835] ioctl(4, LOOP_CLR_FD) = 0 [pid 1835] close(4) = 0 [pid 1835] close(3) = 0 [pid 1835] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1834] <... futex resumed>) = 0 [pid 1835] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1834] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1835] chdir("./file0" [pid 1834] <... futex resumed>) = 0 [pid 1834] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1835] <... chdir resumed>) = 0 [pid 1835] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1834] <... futex resumed>) = 0 [pid 1834] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1835] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1834] <... futex resumed>) = 0 [pid 1834] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1835] <... openat resumed>) = 3 [pid 1835] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1834] <... futex resumed>) = 0 [pid 1835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1834] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1834] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1834] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1834] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1838], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1838 [pid 1834] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1834] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1838 attached [pid 1838] set_robust_list(0x7f697cdce9e0, 24 [pid 1835] <... write resumed>) = 61 [pid 1838] <... set_robust_list resumed>) = 0 [pid 1838] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1835] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1835] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1838] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1838] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1834] <... futex resumed>) = 0 [pid 1838] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1834] exit_group(0) = ? [pid 1838] <... futex resumed>) = ? [pid 1838] +++ exited with 0 +++ [pid 1835] <... futex resumed>) = ? [pid 1835] +++ exited with 0 +++ [pid 1834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1834, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./294/binderfs") = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1839 ./strace-static-x86_64: Process 1839 attached [pid 1839] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1839] chdir("./295") = 0 [pid 1839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1839] setpgid(0, 0) = 0 [pid 1839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1839] write(3, "1000", 4) = 4 [pid 1839] close(3) = 0 [pid 1839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1839] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1839] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1839] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1840 attached , parent_tid=[1840], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1840 [pid 1839] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1839] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1840] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1840] memfd_create("syzkaller", 0) = 3 [pid 1840] ftruncate(3, 2097152) = 0 [pid 1840] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1840] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1840] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1840] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1840] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1840] mkdir("./file0", 0777) = 0 [pid 1840] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1840] ioctl(4, LOOP_CLR_FD) = 0 [pid 1840] close(4) = 0 [pid 1840] close(3) = 0 [pid 1840] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... futex resumed>) = 0 [pid 1839] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1839] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... futex resumed>) = 1 [pid 1840] chdir("./file0") = 0 [pid 1840] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... futex resumed>) = 0 [pid 1839] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1839] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... futex resumed>) = 1 [pid 1840] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1840] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1839] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] <... write resumed>) = 61 [pid 1839] <... futex resumed>) = 0 [pid 1840] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] <... futex resumed>) = 0 [pid 1839] <... futex resumed>) = 0 [pid 1840] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1839] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1840] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1840] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1839] exit_group(0 [pid 1840] <... futex resumed>) = ? [pid 1839] <... exit_group resumed>) = ? [pid 1840] +++ exited with 0 +++ [pid 1839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1839, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./295/binderfs") = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1843 ./strace-static-x86_64: Process 1843 attached [pid 1843] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1843] chdir("./296") = 0 [pid 1843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1843] setpgid(0, 0) = 0 [pid 1843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1843] write(3, "1000", 4) = 4 [pid 1843] close(3) = 0 [pid 1843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1843] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1843] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1843] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1844], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1844 [pid 1843] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1844 attached [pid 1844] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1844] memfd_create("syzkaller", 0) = 3 [pid 1844] ftruncate(3, 2097152) = 0 [pid 1844] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1844] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1844] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1844] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1844] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1844] mkdir("./file0", 0777) = 0 [pid 1844] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1844] ioctl(4, LOOP_CLR_FD) = 0 [pid 1844] close(4) = 0 [pid 1844] close(3) = 0 [pid 1844] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1843] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1844] <... futex resumed>) = 1 [pid 1844] chdir("./file0") = 0 [pid 1844] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1843] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1844] <... futex resumed>) = 1 [pid 1844] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1844] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1843] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1843] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1843] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1847], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1847 [pid 1843] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1844] <... futex resumed>) = 1 [pid 1844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1844] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1847 attached [pid 1847] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1847] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1847] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1843] exit_group(0) = ? [pid 1844] <... futex resumed>) = ? [pid 1844] +++ exited with 0 +++ [pid 1847] <... futex resumed>) = ? [pid 1847] +++ exited with 0 +++ [pid 1843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1843, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./296/binderfs") = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1848 ./strace-static-x86_64: Process 1848 attached [pid 1848] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1848] chdir("./297") = 0 [pid 1848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1848] setpgid(0, 0) = 0 [pid 1848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1848] write(3, "1000", 4) = 4 [pid 1848] close(3) = 0 [pid 1848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1848] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1848] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1848] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1849], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1849 [pid 1848] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1849 attached [pid 1849] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1849] memfd_create("syzkaller", 0) = 3 [pid 1849] ftruncate(3, 2097152) = 0 [pid 1849] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1849] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1849] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1849] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1849] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1849] mkdir("./file0", 0777) = 0 [pid 1849] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1849] ioctl(4, LOOP_CLR_FD) = 0 [pid 1849] close(4) = 0 [pid 1849] close(3) = 0 [pid 1849] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 0 [pid 1848] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1849] <... futex resumed>) = 1 [pid 1849] chdir("./file0") = 0 [pid 1849] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 0 [pid 1848] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1849] <... futex resumed>) = 1 [pid 1849] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1849] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 0 [pid 1848] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1848] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1848] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1852], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1852 [pid 1848] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1848] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1849] <... futex resumed>) = 1 [pid 1849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1849] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1849] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1852 attached [pid 1852] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1852] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1852] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 0 [pid 1852] <... futex resumed>) = 1 [pid 1848] exit_group(0 [pid 1852] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1848] <... exit_group resumed>) = ? [pid 1849] <... futex resumed>) = ? [pid 1852] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 1849] +++ exited with 0 +++ [pid 1852] +++ exited with 0 +++ [pid 1848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1848, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./297/binderfs") = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1853 ./strace-static-x86_64: Process 1853 attached [pid 1853] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1853] chdir("./298") = 0 [pid 1853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1853] setpgid(0, 0) = 0 [pid 1853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1853] write(3, "1000", 4) = 4 [pid 1853] close(3) = 0 [pid 1853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1853] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1853] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1853] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1854], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1854 [pid 1853] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1853] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1854 attached [pid 1854] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1854] memfd_create("syzkaller", 0) = 3 [pid 1854] ftruncate(3, 2097152) = 0 [pid 1854] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1854] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1854] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1854] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1854] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1854] mkdir("./file0", 0777) = 0 [pid 1854] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1854] ioctl(4, LOOP_CLR_FD) = 0 [pid 1854] close(4) = 0 [pid 1854] close(3) = 0 [pid 1854] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1853] <... futex resumed>) = 0 [pid 1854] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1853] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1854] chdir("./file0" [pid 1853] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1854] <... chdir resumed>) = 0 [pid 1854] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1853] <... futex resumed>) = 0 [pid 1853] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1853] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1854] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1854] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1853] <... futex resumed>) = 0 [pid 1853] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1853] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1853] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1853] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1857 attached , parent_tid=[1857], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1857 [pid 1853] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1853] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1857] set_robust_list(0x7f697cdce9e0, 24 [pid 1854] <... write resumed>) = 61 [pid 1857] <... set_robust_list resumed>) = 0 [pid 1854] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1854] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1857] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1857] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1853] <... futex resumed>) = 0 [pid 1853] exit_group(0 [pid 1854] <... futex resumed>) = ? [pid 1853] <... exit_group resumed>) = ? [pid 1854] +++ exited with 0 +++ [pid 1857] <... futex resumed>) = ? [pid 1857] +++ exited with 0 +++ [pid 1853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1853, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./298/binderfs") = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1858 ./strace-static-x86_64: Process 1858 attached [pid 1858] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1858] chdir("./299") = 0 [pid 1858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1858] setpgid(0, 0) = 0 [pid 1858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1858] write(3, "1000", 4) = 4 [pid 1858] close(3) = 0 [pid 1858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1858] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1858] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1858] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1859], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1859 [pid 1858] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1858] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1859 attached [pid 1859] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1859] memfd_create("syzkaller", 0) = 3 [pid 1859] ftruncate(3, 2097152) = 0 [pid 1859] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1859] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1859] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1859] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1859] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1859] mkdir("./file0", 0777) = 0 [pid 1859] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1859] ioctl(4, LOOP_CLR_FD) = 0 [pid 1859] close(4) = 0 [pid 1859] close(3) = 0 [pid 1859] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1858] <... futex resumed>) = 0 [pid 1858] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1858] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1859] <... futex resumed>) = 1 [pid 1859] chdir("./file0") = 0 [pid 1859] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1858] <... futex resumed>) = 0 [pid 1858] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1858] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1859] <... futex resumed>) = 1 [pid 1859] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1859] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1858] <... futex resumed>) = 0 [pid 1858] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1858] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1858] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1858] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1862], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1862 [pid 1858] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1859] <... futex resumed>) = 1 ./strace-static-x86_64: Process 1862 attached [pid 1858] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1862] set_robust_list(0x7f697cdce9e0, 24 [pid 1859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1862] <... set_robust_list resumed>) = 0 [pid 1859] <... write resumed>) = 61 [pid 1862] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1859] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1859] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1862] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1862] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1858] <... futex resumed>) = 0 [pid 1858] exit_group(0) = ? [pid 1859] <... futex resumed>) = ? [pid 1859] +++ exited with 0 +++ [pid 1862] +++ exited with 0 +++ [pid 1858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1858, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./299/binderfs") = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1863 ./strace-static-x86_64: Process 1863 attached [pid 1863] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1863] chdir("./300") = 0 [pid 1863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1863] setpgid(0, 0) = 0 [pid 1863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1863] write(3, "1000", 4) = 4 [pid 1863] close(3) = 0 [pid 1863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1863] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1863] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1863] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1864], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1864 [pid 1863] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1863] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1864 attached [pid 1864] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1864] memfd_create("syzkaller", 0) = 3 [pid 1864] ftruncate(3, 2097152) = 0 [pid 1864] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1864] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1864] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1864] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1864] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1864] mkdir("./file0", 0777) = 0 [pid 1864] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1864] ioctl(4, LOOP_CLR_FD) = 0 [pid 1864] close(4) = 0 [pid 1864] close(3) = 0 [pid 1864] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1863] <... futex resumed>) = 0 [pid 1863] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1863] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1864] <... futex resumed>) = 1 [pid 1864] chdir("./file0") = 0 [pid 1864] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1863] <... futex resumed>) = 0 [pid 1863] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1863] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1864] <... futex resumed>) = 1 [pid 1864] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1864] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1863] <... futex resumed>) = 0 [pid 1864] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1863] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1863] <... futex resumed>) = 0 [pid 1863] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1863] <... futex resumed>) = 0 [pid 1863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1863] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1863] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1864] <... write resumed>) = 61 [pid 1864] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1864] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1867 attached [pid 1863] <... clone resumed>, parent_tid=[1867], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1867 [pid 1863] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1867] set_robust_list(0x7f697cdce9e0, 24 [pid 1863] <... futex resumed>) = 0 [pid 1867] <... set_robust_list resumed>) = 0 [pid 1863] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1867] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1867] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1863] <... futex resumed>) = 0 [pid 1867] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1863] exit_group(0 [pid 1867] <... futex resumed>) = ? [pid 1864] <... futex resumed>) = ? [pid 1863] <... exit_group resumed>) = ? [pid 1864] +++ exited with 0 +++ [pid 1867] +++ exited with 0 +++ [pid 1863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1863, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./300/binderfs") = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1868 ./strace-static-x86_64: Process 1868 attached [pid 1868] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1868] chdir("./301") = 0 [pid 1868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1868] setpgid(0, 0) = 0 [pid 1868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1868] write(3, "1000", 4) = 4 [pid 1868] close(3) = 0 [pid 1868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1868] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1868] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1868] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1869], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1869 [pid 1868] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1869 attached [pid 1869] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1869] memfd_create("syzkaller", 0) = 3 [pid 1869] ftruncate(3, 2097152) = 0 [pid 1869] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1869] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1869] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1869] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1869] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1869] mkdir("./file0", 0777) = 0 [pid 1869] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1869] ioctl(4, LOOP_CLR_FD) = 0 [pid 1869] close(4) = 0 [pid 1869] close(3) = 0 [pid 1869] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1868] <... futex resumed>) = 0 [pid 1869] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1869] <... futex resumed>) = 0 [pid 1869] chdir("./file0" [pid 1868] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... chdir resumed>) = 0 [pid 1869] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1869] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1868] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 0 [pid 1869] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1869] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1869] <... futex resumed>) = 1 [pid 1868] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1868] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1872 attached , parent_tid=[1872], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1872 [pid 1868] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1872] set_robust_list(0x7f697cdce9e0, 24 [pid 1869] <... write resumed>) = 61 [pid 1869] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1869] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1872] <... set_robust_list resumed>) = 0 [pid 1872] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1872] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] exit_group(0) = ? [pid 1869] <... futex resumed>) = ? [pid 1869] +++ exited with 0 +++ [pid 1872] <... futex resumed>) = ? [pid 1872] +++ exited with 0 +++ [pid 1868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1868, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./301/binderfs") = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1873 ./strace-static-x86_64: Process 1873 attached [pid 1873] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1873] chdir("./302") = 0 [pid 1873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1873] setpgid(0, 0) = 0 [pid 1873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1873] write(3, "1000", 4) = 4 [pid 1873] close(3) = 0 [pid 1873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1873] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1873] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1873] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1874], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1874 [pid 1873] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1874 attached [pid 1874] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1874] memfd_create("syzkaller", 0) = 3 [pid 1874] ftruncate(3, 2097152) = 0 [pid 1874] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1874] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1874] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1874] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1874] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1874] mkdir("./file0", 0777) = 0 [pid 1874] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1874] ioctl(4, LOOP_CLR_FD) = 0 [pid 1874] close(4) = 0 [pid 1874] close(3) = 0 [pid 1874] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1874] <... futex resumed>) = 1 [pid 1874] chdir("./file0") = 0 [pid 1874] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1874] <... futex resumed>) = 1 [pid 1874] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1874] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1873] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1873] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1877], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1877 [pid 1873] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1874] <... futex resumed>) = 1 [pid 1874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1874] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1874] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1877 attached [pid 1877] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1877] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1877] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] exit_group(0) = ? [pid 1874] <... futex resumed>) = ? [pid 1874] +++ exited with 0 +++ [pid 1877] <... futex resumed>) = ? [pid 1877] +++ exited with 0 +++ [pid 1873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1873, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./302/binderfs") = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1878 ./strace-static-x86_64: Process 1878 attached [pid 1878] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1878] chdir("./303") = 0 [pid 1878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1878] setpgid(0, 0) = 0 [pid 1878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1878] write(3, "1000", 4) = 4 [pid 1878] close(3) = 0 [pid 1878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1878] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1878] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1878] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1879], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1879 [pid 1878] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1878] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1879 attached [pid 1879] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1879] memfd_create("syzkaller", 0) = 3 [pid 1879] ftruncate(3, 2097152) = 0 [pid 1879] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1879] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1879] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1879] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1879] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1879] mkdir("./file0", 0777) = 0 [pid 1879] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1879] ioctl(4, LOOP_CLR_FD) = 0 [pid 1879] close(4) = 0 [pid 1879] close(3) = 0 [pid 1879] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1878] <... futex resumed>) = 0 [pid 1879] chdir("./file0" [pid 1878] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1878] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] <... chdir resumed>) = 0 [pid 1879] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1879] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1878] <... futex resumed>) = 0 [pid 1878] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] <... futex resumed>) = 0 [pid 1878] <... futex resumed>) = 1 [pid 1879] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1878] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] <... openat resumed>) = 3 [pid 1879] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1878] <... futex resumed>) = 0 [pid 1879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1878] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] <... write resumed>) = 61 [pid 1878] <... futex resumed>) = 0 [pid 1879] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1878] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] <... futex resumed>) = 0 [pid 1878] <... futex resumed>) = 0 [pid 1879] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1878] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1878] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1882], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1882 [pid 1878] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1878] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1882 attached [pid 1882] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1882] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1882] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1878] <... futex resumed>) = 0 [pid 1878] exit_group(0 [pid 1879] <... futex resumed>) = ? [pid 1878] <... exit_group resumed>) = ? [pid 1879] +++ exited with 0 +++ [pid 1882] <... futex resumed>) = ? [pid 1882] +++ exited with 0 +++ [pid 1878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1878, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./303/binderfs") = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1883 ./strace-static-x86_64: Process 1883 attached [pid 1883] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1883] chdir("./304") = 0 [pid 1883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1883] setpgid(0, 0) = 0 [pid 1883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1883] write(3, "1000", 4) = 4 [pid 1883] close(3) = 0 [pid 1883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1883] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1883] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1883] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1884], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1884 [pid 1883] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1884 attached [pid 1884] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1884] memfd_create("syzkaller", 0) = 3 [pid 1884] ftruncate(3, 2097152) = 0 [pid 1884] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1884] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1884] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1884] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1884] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1884] mkdir("./file0", 0777) = 0 [pid 1884] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1884] ioctl(4, LOOP_CLR_FD) = 0 [pid 1884] close(4) = 0 [pid 1884] close(3) = 0 [pid 1884] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1883] <... futex resumed>) = 0 [pid 1883] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1884] <... futex resumed>) = 1 [pid 1884] chdir("./file0") = 0 [pid 1884] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1883] <... futex resumed>) = 0 [pid 1883] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1884] <... futex resumed>) = 1 [pid 1884] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1884] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1883] <... futex resumed>) = 0 [pid 1883] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1883] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1883] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1887], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1887 [pid 1883] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1883] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1884] <... futex resumed>) = 1 [pid 1884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1884] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1884] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1887 attached [pid 1887] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1887] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1887] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1883] <... futex resumed>) = 0 [pid 1887] <... futex resumed>) = 1 [pid 1883] exit_group(0 [pid 1884] <... futex resumed>) = ? [pid 1883] <... exit_group resumed>) = ? [pid 1884] +++ exited with 0 +++ [pid 1887] +++ exited with 0 +++ [pid 1883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1883, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./304/binderfs") = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1888 ./strace-static-x86_64: Process 1888 attached [pid 1888] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1888] chdir("./305") = 0 [pid 1888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1888] setpgid(0, 0) = 0 [pid 1888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1888] write(3, "1000", 4) = 4 [pid 1888] close(3) = 0 [pid 1888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1888] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1888] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1888] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1889], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1889 [pid 1888] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1889 attached [pid 1889] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1889] memfd_create("syzkaller", 0) = 3 [pid 1889] ftruncate(3, 2097152) = 0 [pid 1889] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1889] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1889] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1889] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1889] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1889] mkdir("./file0", 0777) = 0 [pid 1889] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1889] ioctl(4, LOOP_CLR_FD) = 0 [pid 1889] close(4) = 0 [pid 1889] close(3) = 0 [pid 1889] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1888] <... futex resumed>) = 0 [pid 1888] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1889] <... futex resumed>) = 1 [pid 1889] chdir("./file0") = 0 [pid 1889] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1888] <... futex resumed>) = 0 [pid 1888] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1889] <... futex resumed>) = 1 [pid 1889] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1889] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1888] <... futex resumed>) = 0 [pid 1888] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1888] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1888] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1892], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1892 [pid 1888] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1888] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1889] <... futex resumed>) = 1 [pid 1889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1889] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1889] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1892 attached [pid 1892] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1892] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1892] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1888] <... futex resumed>) = 0 [pid 1888] exit_group(0) = ? [pid 1889] <... futex resumed>) = ? [pid 1889] +++ exited with 0 +++ [pid 1892] <... futex resumed>) = ? [pid 1892] +++ exited with 0 +++ [pid 1888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1888, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./305/binderfs") = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1893 ./strace-static-x86_64: Process 1893 attached [pid 1893] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1893] chdir("./306") = 0 [pid 1893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1893] setpgid(0, 0) = 0 [pid 1893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1893] write(3, "1000", 4) = 4 [pid 1893] close(3) = 0 [pid 1893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1893] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1893] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1893] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1894], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1894 [pid 1893] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1894 attached [pid 1894] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1894] memfd_create("syzkaller", 0) = 3 [pid 1894] ftruncate(3, 2097152) = 0 [pid 1894] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1894] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1894] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1894] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1894] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1894] mkdir("./file0", 0777) = 0 [pid 1894] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1894] ioctl(4, LOOP_CLR_FD) = 0 [pid 1894] close(4) = 0 [pid 1894] close(3) = 0 [pid 1894] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1893] <... futex resumed>) = 0 [pid 1893] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1894] <... futex resumed>) = 1 [pid 1894] chdir("./file0") = 0 [pid 1894] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1893] <... futex resumed>) = 0 [pid 1893] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1894] <... futex resumed>) = 1 [pid 1894] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1894] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1893] <... futex resumed>) = 0 [pid 1893] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1893] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1893] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1897], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1897 [pid 1893] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1893] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1894] <... futex resumed>) = 1 [pid 1894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1894] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1894] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1897 attached [pid 1897] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1897] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1897] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1893] <... futex resumed>) = 0 [pid 1893] exit_group(0 [pid 1894] <... futex resumed>) = ? [pid 1893] <... exit_group resumed>) = ? [pid 1894] +++ exited with 0 +++ [pid 1897] <... futex resumed>) = ? [pid 1897] +++ exited with 0 +++ [pid 1893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1893, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./306/binderfs") = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1898 ./strace-static-x86_64: Process 1898 attached [pid 1898] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1898] chdir("./307") = 0 [pid 1898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1898] setpgid(0, 0) = 0 [pid 1898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1898] write(3, "1000", 4) = 4 [pid 1898] close(3) = 0 [pid 1898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1898] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1898] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1898] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1899], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1899 ./strace-static-x86_64: Process 1899 attached [pid 1898] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1899] set_robust_list(0x7f697cdef9e0, 24 [pid 1898] <... futex resumed>) = 0 [pid 1899] <... set_robust_list resumed>) = 0 [pid 1898] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1899] memfd_create("syzkaller", 0) = 3 [pid 1899] ftruncate(3, 2097152) = 0 [pid 1899] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1899] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1899] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1899] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1899] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1899] mkdir("./file0", 0777) = 0 [pid 1899] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1899] ioctl(4, LOOP_CLR_FD) = 0 [pid 1899] close(4) = 0 [pid 1899] close(3) = 0 [pid 1899] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1898] <... futex resumed>) = 0 [pid 1899] <... futex resumed>) = 1 [pid 1898] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1899] chdir("./file0" [pid 1898] <... futex resumed>) = 0 [pid 1898] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1899] <... chdir resumed>) = 0 [pid 1899] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1898] <... futex resumed>) = 0 [pid 1899] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1898] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1898] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1899] <... openat resumed>) = 3 [pid 1899] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1898] <... futex resumed>) = 0 [pid 1899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1898] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1898] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1899] <... write resumed>) = 61 [pid 1898] <... mmap resumed>) = 0x7f697cdae000 [pid 1898] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1899] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1898] <... mprotect resumed>) = 0 [pid 1899] <... futex resumed>) = 0 [pid 1898] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1899] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1902 attached [pid 1902] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1902] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1898] <... clone resumed>, parent_tid=[1902], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1902 [pid 1898] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1902] <... futex resumed>) = 0 [pid 1902] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1898] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1902] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1902] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1902] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1898] exit_group(0) = ? [pid 1902] <... futex resumed>) = ? [pid 1902] +++ exited with 0 +++ [pid 1899] <... futex resumed>) = ? [pid 1899] +++ exited with 0 +++ [pid 1898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1898, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./307/binderfs") = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1903 ./strace-static-x86_64: Process 1903 attached [pid 1903] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1903] chdir("./308") = 0 [pid 1903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1903] setpgid(0, 0) = 0 [pid 1903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1903] write(3, "1000", 4) = 4 [pid 1903] close(3) = 0 [pid 1903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1903] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1903] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1903] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1904], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1904 [pid 1903] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1903] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1904 attached [pid 1904] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1904] memfd_create("syzkaller", 0) = 3 [pid 1904] ftruncate(3, 2097152) = 0 [pid 1904] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1904] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1904] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1904] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1904] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1904] mkdir("./file0", 0777) = 0 [pid 1904] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1904] ioctl(4, LOOP_CLR_FD) = 0 [pid 1904] close(4) = 0 [pid 1904] close(3) = 0 [pid 1904] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1903] <... futex resumed>) = 0 [pid 1904] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1903] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1903] <... futex resumed>) = 0 [pid 1904] chdir("./file0" [pid 1903] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1904] <... chdir resumed>) = 0 [pid 1904] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1903] <... futex resumed>) = 0 [pid 1904] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1903] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1903] <... futex resumed>) = 0 [pid 1904] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1903] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1904] <... openat resumed>) = 3 [pid 1904] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1904] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1903] <... futex resumed>) = 0 [pid 1903] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1903] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1903] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1903] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1907 attached , parent_tid=[1907], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1907 [pid 1903] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1903] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1907] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1904] <... futex resumed>) = 0 [pid 1904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1907] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1904] <... write resumed>) = 61 [pid 1904] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1904] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1907] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1907] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1903] <... futex resumed>) = 0 [pid 1903] exit_group(0) = ? [pid 1904] <... futex resumed>) = ? [pid 1904] +++ exited with 0 +++ [pid 1907] <... futex resumed>) = ? [pid 1907] +++ exited with 0 +++ [pid 1903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1903, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./308/binderfs") = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1908 ./strace-static-x86_64: Process 1908 attached [pid 1908] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1908] chdir("./309") = 0 [pid 1908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1908] setpgid(0, 0) = 0 [pid 1908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1908] write(3, "1000", 4) = 4 [pid 1908] close(3) = 0 [pid 1908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1908] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1908] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1908] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1909], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1909 [pid 1908] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1908] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1909 attached [pid 1909] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1909] memfd_create("syzkaller", 0) = 3 [pid 1909] ftruncate(3, 2097152) = 0 [pid 1909] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1909] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1909] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1909] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1909] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1909] mkdir("./file0", 0777) = 0 [pid 1909] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1909] ioctl(4, LOOP_CLR_FD) = 0 [pid 1909] close(4) = 0 [pid 1909] close(3) = 0 [pid 1909] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1908] <... futex resumed>) = 0 [pid 1909] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1908] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1908] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1909] chdir("./file0") = 0 [pid 1909] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1908] <... futex resumed>) = 0 [pid 1908] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1909] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1908] <... futex resumed>) = 0 [pid 1908] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1909] <... openat resumed>) = 3 [pid 1909] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1908] <... futex resumed>) = 0 [pid 1908] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1908] <... futex resumed>) = 0 [pid 1908] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1909] <... write resumed>) = 61 [pid 1908] <... futex resumed>) = 0 [pid 1909] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1909] <... futex resumed>) = 0 [pid 1908] <... mmap resumed>) = 0x7f697cdae000 [pid 1908] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1909] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1908] <... mprotect resumed>) = 0 [pid 1908] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1912], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1912 ./strace-static-x86_64: Process 1912 attached [pid 1908] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1912] set_robust_list(0x7f697cdce9e0, 24 [pid 1908] <... futex resumed>) = 0 [pid 1912] <... set_robust_list resumed>) = 0 [pid 1912] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1908] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1912] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1912] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1908] <... futex resumed>) = 0 [pid 1912] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1908] exit_group(0) = ? [pid 1912] <... futex resumed>) = ? [pid 1909] <... futex resumed>) = ? [pid 1909] +++ exited with 0 +++ [pid 1912] +++ exited with 0 +++ [pid 1908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1908, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./309/binderfs") = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1913 ./strace-static-x86_64: Process 1913 attached [pid 1913] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1913] chdir("./310") = 0 [pid 1913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1913] setpgid(0, 0) = 0 [pid 1913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1913] write(3, "1000", 4) = 4 [pid 1913] close(3) = 0 [pid 1913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1913] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1913] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1913] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1914], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1914 [pid 1913] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1913] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1914 attached [pid 1914] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1914] memfd_create("syzkaller", 0) = 3 [pid 1914] ftruncate(3, 2097152) = 0 [pid 1914] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1914] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1914] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1914] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1914] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1914] mkdir("./file0", 0777) = 0 [pid 1914] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1914] ioctl(4, LOOP_CLR_FD) = 0 [pid 1914] close(4) = 0 [pid 1914] close(3) = 0 [pid 1914] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1913] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1914] chdir("./file0" [pid 1913] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1914] <... chdir resumed>) = 0 [pid 1914] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1913] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1914] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1913] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1914] <... openat resumed>) = 3 [pid 1914] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1913] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1913] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1914] <... write resumed>) = 61 [pid 1913] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1914] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1913] <... mprotect resumed>) = 0 [pid 1913] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1917], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1917 [pid 1914] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1914] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1913] <... futex resumed>) = 0 [pid 1913] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1917 attached [pid 1917] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1917] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1917] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1913] <... futex resumed>) = 0 [pid 1913] exit_group(0) = ? [pid 1914] <... futex resumed>) = ? [pid 1914] +++ exited with 0 +++ [pid 1917] <... futex resumed>) = ? [pid 1917] +++ exited with 0 +++ [pid 1913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1913, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./310/binderfs") = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1918 ./strace-static-x86_64: Process 1918 attached [pid 1918] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1918] chdir("./311") = 0 [pid 1918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1918] setpgid(0, 0) = 0 [pid 1918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1918] write(3, "1000", 4) = 4 [pid 1918] close(3) = 0 [pid 1918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1918] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1918] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1918] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1919], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1919 [pid 1918] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1918] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1919 attached [pid 1919] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1919] memfd_create("syzkaller", 0) = 3 [pid 1919] ftruncate(3, 2097152) = 0 [pid 1919] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1919] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1919] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1919] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1919] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1919] mkdir("./file0", 0777) = 0 [pid 1919] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1919] ioctl(4, LOOP_CLR_FD) = 0 [pid 1919] close(4) = 0 [pid 1919] close(3) = 0 [pid 1919] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1919] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1918] <... futex resumed>) = 0 [pid 1918] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1918] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1919] <... futex resumed>) = 0 [pid 1919] chdir("./file0") = 0 [pid 1919] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1918] <... futex resumed>) = 0 [pid 1918] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1918] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1919] <... futex resumed>) = 1 [pid 1919] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1919] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1918] <... futex resumed>) = 0 [pid 1918] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1918] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1918] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1918] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1922], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1922 [pid 1918] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1918] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1919] <... futex resumed>) = 1 [pid 1919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1919] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1919] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1922 attached [pid 1922] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1922] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1922] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1918] <... futex resumed>) = 0 [pid 1918] exit_group(0 [pid 1919] <... futex resumed>) = ? [pid 1918] <... exit_group resumed>) = ? [pid 1919] +++ exited with 0 +++ [pid 1922] <... futex resumed>) = ? [pid 1922] +++ exited with 0 +++ [pid 1918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1918, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./311/binderfs") = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1923 ./strace-static-x86_64: Process 1923 attached [pid 1923] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1923] chdir("./312") = 0 [pid 1923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1923] setpgid(0, 0) = 0 [pid 1923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1923] write(3, "1000", 4) = 4 [pid 1923] close(3) = 0 [pid 1923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1923] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1923] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1923] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1924], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1924 [pid 1923] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1923] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1924 attached [pid 1924] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1924] memfd_create("syzkaller", 0) = 3 [pid 1924] ftruncate(3, 2097152) = 0 [pid 1924] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1924] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1924] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1924] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1924] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1924] mkdir("./file0", 0777) = 0 [pid 1924] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1924] ioctl(4, LOOP_CLR_FD) = 0 [pid 1924] close(4) = 0 [pid 1924] close(3) = 0 [pid 1924] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1923] <... futex resumed>) = 0 [pid 1924] chdir("./file0" [pid 1923] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1924] <... chdir resumed>) = 0 [pid 1923] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1924] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1924] <... futex resumed>) = 0 [pid 1923] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1924] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1923] <... futex resumed>) = 0 [pid 1923] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1924] <... openat resumed>) = 3 [pid 1924] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1924] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1923] <... futex resumed>) = 0 [pid 1923] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1923] <... futex resumed>) = 0 [pid 1923] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1924] <... write resumed>) = 61 [pid 1924] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] <... mmap resumed>) = 0x7f697cdae000 [pid 1923] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1924] <... futex resumed>) = 0 [pid 1923] <... mprotect resumed>) = 0 [pid 1923] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1924] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1923] <... clone resumed>, parent_tid=[1927], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1927 [pid 1923] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1923] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1927 attached [pid 1927] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1927] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1927] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1923] <... futex resumed>) = 0 [pid 1927] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1923] exit_group(0) = ? [pid 1927] <... futex resumed>) = ? [pid 1924] <... futex resumed>) = ? [pid 1924] +++ exited with 0 +++ [pid 1927] +++ exited with 0 +++ [pid 1923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1923, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./312/binderfs") = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1928 ./strace-static-x86_64: Process 1928 attached [pid 1928] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1928] chdir("./313") = 0 [pid 1928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1928] setpgid(0, 0) = 0 [pid 1928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1928] write(3, "1000", 4) = 4 [pid 1928] close(3) = 0 [pid 1928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1928] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1928] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1928] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1929], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1929 [pid 1928] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1929 attached [pid 1929] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1929] memfd_create("syzkaller", 0) = 3 [pid 1929] ftruncate(3, 2097152) = 0 [pid 1929] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1929] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1929] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1929] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1929] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1929] mkdir("./file0", 0777) = 0 [pid 1929] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1929] ioctl(4, LOOP_CLR_FD) = 0 [pid 1929] close(4) = 0 [pid 1929] close(3) = 0 [pid 1929] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... futex resumed>) = 0 [pid 1928] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... futex resumed>) = 1 [pid 1929] chdir("./file0") = 0 [pid 1929] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... futex resumed>) = 0 [pid 1928] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... futex resumed>) = 1 [pid 1929] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1929] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... futex resumed>) = 0 [pid 1928] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1928] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1928] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1932], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1932 [pid 1928] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1928] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... futex resumed>) = 1 [pid 1929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1929] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1929] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1932 attached [pid 1932] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1932] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1932] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... futex resumed>) = 0 [pid 1928] exit_group(0) = ? [pid 1929] <... futex resumed>) = ? [pid 1929] +++ exited with 0 +++ [pid 1932] <... futex resumed>) = ? [pid 1932] +++ exited with 0 +++ [pid 1928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1928, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./313/binderfs") = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1933 ./strace-static-x86_64: Process 1933 attached [pid 1933] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1933] chdir("./314") = 0 [pid 1933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1933] setpgid(0, 0) = 0 [pid 1933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1933] write(3, "1000", 4) = 4 [pid 1933] close(3) = 0 [pid 1933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1933] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1933] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1933] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1934 attached , parent_tid=[1934], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1934 [pid 1934] set_robust_list(0x7f697cdef9e0, 24 [pid 1933] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1934] <... set_robust_list resumed>) = 0 [pid 1934] memfd_create("syzkaller", 0) = 3 [pid 1933] <... futex resumed>) = 0 [pid 1934] ftruncate(3, 2097152) = 0 [pid 1934] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1934] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1933] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1934] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1934] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1934] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1934] mkdir("./file0", 0777) = 0 [pid 1934] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1934] ioctl(4, LOOP_CLR_FD) = 0 [pid 1934] close(4) = 0 [pid 1934] close(3) = 0 [pid 1934] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1934] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1933] <... futex resumed>) = 0 [pid 1933] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1933] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] <... futex resumed>) = 0 [pid 1934] chdir("./file0") = 0 [pid 1934] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] <... futex resumed>) = 0 [pid 1933] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1933] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] <... futex resumed>) = 1 [pid 1934] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1934] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] <... futex resumed>) = 0 [pid 1933] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1933] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1933] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1933] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1937 attached , parent_tid=[1937], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1937 [pid 1937] set_robust_list(0x7f697cdce9e0, 24 [pid 1933] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... set_robust_list resumed>) = 0 [pid 1933] <... futex resumed>) = 0 [pid 1937] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1933] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] <... futex resumed>) = 1 [pid 1937] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1937] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] <... futex resumed>) = 0 [pid 1937] <... futex resumed>) = 1 [pid 1937] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1934] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1934] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1934] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1933] exit_group(0) = ? [pid 1937] <... futex resumed>) = ? [pid 1934] <... futex resumed>) = ? [pid 1934] +++ exited with 0 +++ [pid 1937] +++ exited with 0 +++ [pid 1933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1933, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./314/binderfs") = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1938 ./strace-static-x86_64: Process 1938 attached [pid 1938] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1938] chdir("./315") = 0 [pid 1938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1938] setpgid(0, 0) = 0 [pid 1938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1938] write(3, "1000", 4) = 4 [pid 1938] close(3) = 0 [pid 1938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1938] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1938] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1938] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1939], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1939 [pid 1938] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1939 attached [pid 1939] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1939] memfd_create("syzkaller", 0) = 3 [pid 1939] ftruncate(3, 2097152) = 0 [pid 1939] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1939] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1939] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1939] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1939] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1939] mkdir("./file0", 0777) = 0 [pid 1939] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1939] ioctl(4, LOOP_CLR_FD) = 0 [pid 1939] close(4) = 0 [pid 1939] close(3) = 0 [pid 1939] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1938] <... futex resumed>) = 0 [pid 1938] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1939] chdir("./file0" [pid 1938] <... futex resumed>) = 0 [pid 1938] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1939] <... chdir resumed>) = 0 [pid 1939] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1939] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1939] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1938] <... futex resumed>) = 0 [pid 1938] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1939] <... openat resumed>) = 3 [pid 1939] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1938] <... futex resumed>) = 0 [pid 1939] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1938] <... futex resumed>) = 0 [pid 1939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 1938] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1939] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1939] <... futex resumed>) = 0 [pid 1939] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] <... mmap resumed>) = 0x7f697cdae000 [pid 1938] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1938] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1942], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1942 [pid 1938] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1942 attached [pid 1942] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1942] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1942] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1938] <... futex resumed>) = 0 [pid 1938] exit_group(0 [pid 1939] <... futex resumed>) = ? [pid 1938] <... exit_group resumed>) = ? [pid 1939] +++ exited with 0 +++ [pid 1942] <... futex resumed>) = ? [pid 1942] +++ exited with 0 +++ [pid 1938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1938, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./315/binderfs") = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1943 ./strace-static-x86_64: Process 1943 attached [pid 1943] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1943] chdir("./316") = 0 [pid 1943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1943] setpgid(0, 0) = 0 [pid 1943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1943] write(3, "1000", 4) = 4 [pid 1943] close(3) = 0 [pid 1943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1943] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1943] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1943] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1944], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1944 [pid 1943] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1944 attached [pid 1944] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1944] memfd_create("syzkaller", 0) = 3 [pid 1944] ftruncate(3, 2097152) = 0 [pid 1944] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1944] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1944] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1944] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1944] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1944] mkdir("./file0", 0777) = 0 [pid 1944] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1944] ioctl(4, LOOP_CLR_FD) = 0 [pid 1944] close(4) = 0 [pid 1944] close(3) = 0 [pid 1944] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1943] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1944] chdir("./file0") = 0 [pid 1944] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1943] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1944] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1944] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1943] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1943] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1944] <... write resumed>) = 61 [pid 1943] <... mprotect resumed>) = 0 [pid 1944] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1943] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1947 attached [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1943] <... clone resumed>, parent_tid=[1947], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1947 [pid 1943] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1947] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1947] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1943] exit_group(0 [pid 1947] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1943] <... exit_group resumed>) = ? [pid 1944] <... futex resumed>) = ? [pid 1944] +++ exited with 0 +++ [pid 1947] <... futex resumed>) = ? [pid 1947] +++ exited with 0 +++ [pid 1943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1943, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./316/binderfs") = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1948 ./strace-static-x86_64: Process 1948 attached [pid 1948] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1948] chdir("./317") = 0 [pid 1948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1948] setpgid(0, 0) = 0 [pid 1948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1948] write(3, "1000", 4) = 4 [pid 1948] close(3) = 0 [pid 1948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1948] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1948] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1948] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1949], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1949 [pid 1948] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1949 attached [pid 1949] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1949] memfd_create("syzkaller", 0) = 3 [pid 1949] ftruncate(3, 2097152) = 0 [pid 1949] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1949] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1949] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1949] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1949] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1949] mkdir("./file0", 0777) = 0 [pid 1949] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1949] ioctl(4, LOOP_CLR_FD) = 0 [pid 1949] close(4) = 0 [pid 1949] close(3) = 0 [pid 1949] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... futex resumed>) = 0 [pid 1948] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] <... futex resumed>) = 1 [pid 1949] chdir("./file0") = 0 [pid 1949] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... futex resumed>) = 0 [pid 1948] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] <... futex resumed>) = 1 [pid 1949] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1949] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1948] <... futex resumed>) = 0 [pid 1948] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1948] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1948] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1952], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1952 [pid 1948] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1952 attached [pid 1952] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1952] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1952] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... futex resumed>) = 0 [pid 1952] <... futex resumed>) = 1 [pid 1952] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = -1 ENOSPC (No space left on device) [pid 1949] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1949] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1948] exit_group(0) = ? [pid 1949] <... futex resumed>) = ? [pid 1949] +++ exited with 0 +++ [pid 1952] <... futex resumed>) = ? [pid 1952] +++ exited with 0 +++ [pid 1948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1948, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./317/binderfs") = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1953 ./strace-static-x86_64: Process 1953 attached [pid 1953] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1953] chdir("./318") = 0 [pid 1953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1953] setpgid(0, 0) = 0 [pid 1953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1953] write(3, "1000", 4) = 4 [pid 1953] close(3) = 0 [pid 1953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1953] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1953] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1953] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1954], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1954 [pid 1953] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1953] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1954 attached [pid 1954] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1954] memfd_create("syzkaller", 0) = 3 [pid 1954] ftruncate(3, 2097152) = 0 [pid 1954] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1954] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1954] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1954] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1954] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1954] mkdir("./file0", 0777) = 0 [pid 1954] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1954] ioctl(4, LOOP_CLR_FD) = 0 [pid 1954] close(4) = 0 [pid 1954] close(3) = 0 [pid 1954] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] <... futex resumed>) = 0 [pid 1954] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1953] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1954] <... futex resumed>) = 0 [pid 1954] chdir("./file0") = 0 [pid 1954] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] <... futex resumed>) = 0 [pid 1954] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1953] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1954] <... openat resumed>) = 3 [pid 1953] <... futex resumed>) = 0 [pid 1954] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1954] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1953] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1953] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1954] <... futex resumed>) = 0 [pid 1953] <... futex resumed>) = 1 [pid 1954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1953] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1954] <... write resumed>) = 61 [pid 1953] <... futex resumed>) = 0 [pid 1954] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1954] <... futex resumed>) = 0 [pid 1953] <... mmap resumed>) = 0x7f697cdae000 [pid 1954] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1953] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1953] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1957 attached , parent_tid=[1957], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1957 [pid 1953] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1953] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1957] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1957] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1957] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] <... futex resumed>) = 0 [pid 1953] exit_group(0 [pid 1954] <... futex resumed>) = ? [pid 1953] <... exit_group resumed>) = ? [pid 1954] +++ exited with 0 +++ [pid 1957] <... futex resumed>) = ? [pid 1957] +++ exited with 0 +++ [pid 1953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1953, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./318/binderfs") = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1958 ./strace-static-x86_64: Process 1958 attached [pid 1958] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1958] chdir("./319") = 0 [pid 1958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1958] setpgid(0, 0) = 0 [pid 1958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1958] write(3, "1000", 4) = 4 [pid 1958] close(3) = 0 [pid 1958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1958] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1958] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1958] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1959], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1959 [pid 1958] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1958] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1959 attached [pid 1959] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1959] memfd_create("syzkaller", 0) = 3 [pid 1959] ftruncate(3, 2097152) = 0 [pid 1959] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1959] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1959] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1959] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1959] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1959] mkdir("./file0", 0777) = 0 [pid 1959] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1959] ioctl(4, LOOP_CLR_FD) = 0 [pid 1959] close(4) = 0 [pid 1959] close(3) = 0 [pid 1959] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1958] <... futex resumed>) = 0 [pid 1959] chdir("./file0" [pid 1958] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] <... chdir resumed>) = 0 [pid 1958] <... futex resumed>) = 0 [pid 1959] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... futex resumed>) = 0 [pid 1958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1959] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1958] <... futex resumed>) = 0 [pid 1959] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1958] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... openat resumed>) = 3 [pid 1959] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1958] <... futex resumed>) = 0 [pid 1958] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1958] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1958] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1958] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1959] <... write resumed>) = 61 [pid 1958] <... clone resumed>, parent_tid=[1962], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1962 [pid 1958] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1959] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... futex resumed>) = 0 [pid 1959] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1962 attached [pid 1962] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1962] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1962] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1958] <... futex resumed>) = 0 [pid 1962] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] exit_group(0) = ? [pid 1959] <... futex resumed>) = ? [pid 1962] <... futex resumed>) = ? [pid 1962] +++ exited with 0 +++ [pid 1959] +++ exited with 0 +++ [pid 1958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1958, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./319/binderfs") = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1963 ./strace-static-x86_64: Process 1963 attached [pid 1963] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1963] chdir("./320") = 0 [pid 1963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1963] setpgid(0, 0) = 0 [pid 1963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1963] write(3, "1000", 4) = 4 [pid 1963] close(3) = 0 [pid 1963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1963] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1963] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1963] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1964], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1964 [pid 1963] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1964 attached [pid 1964] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1964] memfd_create("syzkaller", 0) = 3 [pid 1964] ftruncate(3, 2097152) = 0 [pid 1964] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1964] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1964] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1964] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1964] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1964] mkdir("./file0", 0777) = 0 [pid 1964] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1964] ioctl(4, LOOP_CLR_FD) = 0 [pid 1964] close(4) = 0 [pid 1964] close(3) = 0 [pid 1964] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] chdir("./file0") = 0 [pid 1964] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1964] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1963] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1963] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1967], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1967 [pid 1963] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1967 attached [pid 1967] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1967] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1967] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1967] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1963] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 1 [pid 1967] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1964] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1964] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1964] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1963] exit_group(0) = ? [pid 1964] <... futex resumed>) = ? [pid 1964] +++ exited with 0 +++ [pid 1967] <... futex resumed>) = ? [pid 1967] +++ exited with 0 +++ [pid 1963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1963, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./320/binderfs") = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1968 ./strace-static-x86_64: Process 1968 attached [pid 1968] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1968] chdir("./321") = 0 [pid 1968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1968] setpgid(0, 0) = 0 [pid 1968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1968] write(3, "1000", 4) = 4 [pid 1968] close(3) = 0 [pid 1968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1968] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1968] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1968] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1969], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1969 [pid 1968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1968] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1969 attached [pid 1969] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1969] memfd_create("syzkaller", 0) = 3 [pid 1969] ftruncate(3, 2097152) = 0 [pid 1969] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1969] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1969] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1969] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1969] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1969] mkdir("./file0", 0777) = 0 [pid 1969] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1969] ioctl(4, LOOP_CLR_FD) = 0 [pid 1969] close(4) = 0 [pid 1969] close(3) = 0 [pid 1969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1968] <... futex resumed>) = 0 [pid 1969] chdir("./file0" [pid 1968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1969] <... chdir resumed>) = 0 [pid 1969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1969] <... futex resumed>) = 0 [pid 1968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1969] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1969] <... openat resumed>) = 3 [pid 1968] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1968] <... futex resumed>) = 0 [pid 1968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1968] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1968] <... futex resumed>) = 0 [pid 1968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1968] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1969] <... write resumed>) = 61 [pid 1968] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1972 attached [pid 1969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] <... clone resumed>, parent_tid=[1972], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1972 [pid 1968] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1968] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] set_robust_list(0x7f697cdce9e0, 24 [pid 1969] <... futex resumed>) = 0 [pid 1972] <... set_robust_list resumed>) = 0 [pid 1969] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1972] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] <... futex resumed>) = 0 [pid 1972] <... futex resumed>) = 1 [pid 1972] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1968] exit_group(0 [pid 1969] <... futex resumed>) = ? [pid 1972] <... futex resumed>) = ? [pid 1968] <... exit_group resumed>) = ? [pid 1969] +++ exited with 0 +++ [pid 1972] +++ exited with 0 +++ [pid 1968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1968, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./321/binderfs") = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1973 ./strace-static-x86_64: Process 1973 attached [pid 1973] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1973] chdir("./322") = 0 [pid 1973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1973] setpgid(0, 0) = 0 [pid 1973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1973] write(3, "1000", 4) = 4 [pid 1973] close(3) = 0 [pid 1973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1973] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1973] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1973] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1974], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1974 [pid 1973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1974 attached [pid 1974] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1974] memfd_create("syzkaller", 0) = 3 [pid 1974] ftruncate(3, 2097152) = 0 [pid 1974] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1974] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1974] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1974] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1974] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1974] mkdir("./file0", 0777) = 0 [pid 1974] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1974] ioctl(4, LOOP_CLR_FD) = 0 [pid 1974] close(4) = 0 [pid 1974] close(3) = 0 [pid 1974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1973] <... futex resumed>) = 0 [pid 1973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1974] <... futex resumed>) = 1 [pid 1974] chdir("./file0") = 0 [pid 1974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1973] <... futex resumed>) = 0 [pid 1973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1974] <... futex resumed>) = 1 [pid 1974] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1973] <... futex resumed>) = 0 [pid 1974] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1973] <... futex resumed>) = 0 [pid 1973] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1973] <... futex resumed>) = 0 [pid 1974] <... write resumed>) = 61 [pid 1973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1973] <... mmap resumed>) = 0x7f697cdae000 [pid 1974] <... futex resumed>) = 0 [pid 1973] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1974] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1973] <... mprotect resumed>) = 0 [pid 1973] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1977], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1977 [pid 1973] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1977 attached [pid 1977] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1977] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1977] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1973] <... futex resumed>) = 0 [pid 1973] exit_group(0) = ? [pid 1974] <... futex resumed>) = ? [pid 1974] +++ exited with 0 +++ [pid 1977] <... futex resumed>) = ? [pid 1977] +++ exited with 0 +++ [pid 1973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1973, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./322/binderfs") = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1978 ./strace-static-x86_64: Process 1978 attached [pid 1978] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1978] chdir("./323") = 0 [pid 1978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1978] setpgid(0, 0) = 0 [pid 1978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1978] write(3, "1000", 4) = 4 [pid 1978] close(3) = 0 [pid 1978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1978] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1978] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1978] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1979], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1979 [pid 1978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1978] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1979 attached [pid 1979] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1979] memfd_create("syzkaller", 0) = 3 [pid 1979] ftruncate(3, 2097152) = 0 [pid 1979] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1979] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1979] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1979] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1979] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1979] mkdir("./file0", 0777) = 0 [pid 1979] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1979] ioctl(4, LOOP_CLR_FD) = 0 [pid 1979] close(4) = 0 [pid 1979] close(3) = 0 [pid 1979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] <... futex resumed>) = 0 [pid 1978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1978] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1979] <... futex resumed>) = 1 [pid 1979] chdir("./file0") = 0 [pid 1979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] <... futex resumed>) = 0 [pid 1978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1978] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1979] <... futex resumed>) = 1 [pid 1979] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] <... futex resumed>) = 0 [pid 1978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1979] <... futex resumed>) = 1 [pid 1978] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1978] <... futex resumed>) = 0 [pid 1978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1978] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1979] <... write resumed>) = 61 [pid 1978] <... mprotect resumed>) = 0 [pid 1979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1979] <... futex resumed>) = 0 [pid 1979] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1978] <... clone resumed>, parent_tid=[1982], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1982 [pid 1978] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1978] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1982 attached [pid 1982] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 1982] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1982] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1978] <... futex resumed>) = 0 [pid 1978] exit_group(0) = ? [pid 1979] <... futex resumed>) = ? [pid 1979] +++ exited with 0 +++ [pid 1982] +++ exited with 0 +++ [pid 1978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1978, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./323/binderfs") = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1983 ./strace-static-x86_64: Process 1983 attached [pid 1983] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1983] chdir("./324") = 0 [pid 1983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1983] setpgid(0, 0) = 0 [pid 1983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1983] write(3, "1000", 4) = 4 [pid 1983] close(3) = 0 [pid 1983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1983] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1983] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1983] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1984], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1984 [pid 1983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1983] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1984 attached [pid 1984] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1984] memfd_create("syzkaller", 0) = 3 [pid 1984] ftruncate(3, 2097152) = 0 [pid 1984] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1984] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1984] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1984] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1984] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1984] mkdir("./file0", 0777) = 0 [pid 1984] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1984] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1984] ioctl(4, LOOP_CLR_FD) = 0 [pid 1984] close(4) = 0 [pid 1984] close(3) = 0 [pid 1984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1983] <... futex resumed>) = 0 [pid 1983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1983] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1984] <... futex resumed>) = 1 [pid 1984] chdir("./file0") = 0 [pid 1984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1983] <... futex resumed>) = 0 [pid 1984] <... futex resumed>) = 1 [pid 1983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1983] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1984] <... openat resumed>) = 3 [pid 1984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1983] <... futex resumed>) = 0 [pid 1984] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1983] <... futex resumed>) = 0 [pid 1984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1983] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1983] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 1984] <... write resumed>) = 61 [pid 1983] <... mprotect resumed>) = 0 [pid 1984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1983] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1984] <... futex resumed>) = 0 [pid 1984] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1987 attached [pid 1983] <... clone resumed>, parent_tid=[1987], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1987 [pid 1987] set_robust_list(0x7f697cdce9e0, 24 [pid 1983] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... set_robust_list resumed>) = 0 [pid 1983] <... futex resumed>) = 0 [pid 1987] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1983] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1987] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1983] <... futex resumed>) = 0 [pid 1987] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1983] exit_group(0) = ? [pid 1987] <... futex resumed>) = ? [pid 1984] <... futex resumed>) = ? [pid 1987] +++ exited with 0 +++ [pid 1984] +++ exited with 0 +++ [pid 1983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1983, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./324/binderfs") = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1988 ./strace-static-x86_64: Process 1988 attached [pid 1988] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1988] chdir("./325") = 0 [pid 1988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1988] setpgid(0, 0) = 0 [pid 1988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1988] write(3, "1000", 4) = 4 [pid 1988] close(3) = 0 [pid 1988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1988] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1988] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1988] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1989], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1989 [pid 1988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1989 attached [pid 1989] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1989] memfd_create("syzkaller", 0) = 3 [pid 1989] ftruncate(3, 2097152) = 0 [pid 1989] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1989] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1989] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1989] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1989] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1989] mkdir("./file0", 0777) = 0 [pid 1989] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1989] ioctl(4, LOOP_CLR_FD) = 0 [pid 1989] close(4) = 0 [pid 1989] close(3) = 0 [pid 1989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1989] chdir("./file0") = 0 [pid 1989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1989] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1988] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1988] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1992], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1992 ./strace-static-x86_64: Process 1992 attached [pid 1988] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1989] <... futex resumed>) = 1 [pid 1989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1992] set_robust_list(0x7f697cdce9e0, 24 [pid 1989] <... write resumed>) = 61 [pid 1992] <... set_robust_list resumed>) = 0 [pid 1989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1992] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1989] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 1992] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1992] <... futex resumed>) = 1 [pid 1988] exit_group(0 [pid 1992] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 1989] <... futex resumed>) = ? [pid 1988] <... exit_group resumed>) = ? [pid 1989] +++ exited with 0 +++ [pid 1992] +++ exited with 0 +++ [pid 1988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1988, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./325/binderfs") = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1993 ./strace-static-x86_64: Process 1993 attached [pid 1993] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1993] chdir("./326") = 0 [pid 1993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1993] setpgid(0, 0) = 0 [pid 1993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1993] write(3, "1000", 4) = 4 [pid 1993] close(3) = 0 [pid 1993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1993] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1993] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1993] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1994], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1994 [pid 1993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1994 attached [pid 1994] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 1994] memfd_create("syzkaller", 0) = 3 [pid 1994] ftruncate(3, 2097152) = 0 [pid 1994] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1994] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1994] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1994] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1994] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1994] mkdir("./file0", 0777) = 0 [pid 1994] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1994] ioctl(4, LOOP_CLR_FD) = 0 [pid 1994] close(4) = 0 [pid 1994] close(3) = 0 [pid 1994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1993] <... futex resumed>) = 0 [pid 1993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1994] <... futex resumed>) = 1 [pid 1994] chdir("./file0") = 0 [pid 1994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1993] <... futex resumed>) = 0 [pid 1993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1994] <... futex resumed>) = 1 [pid 1994] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 1994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1993] <... futex resumed>) = 0 [pid 1993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 1993] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1993] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1997 attached , parent_tid=[1997], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 1997 [pid 1993] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1997] set_robust_list(0x7f697cdce9e0, 24 [pid 1994] <... futex resumed>) = 1 [pid 1994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1997] <... set_robust_list resumed>) = 0 [pid 1994] <... write resumed>) = 61 [pid 1994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 1997] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1993] <... futex resumed>) = 0 [pid 1993] exit_group(0) = ? [pid 1994] <... futex resumed>) = ? [pid 1997] <... futex resumed>) = ? [pid 1994] +++ exited with 0 +++ [pid 1997] +++ exited with 0 +++ [pid 1993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1993, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./326/binderfs") = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 1998 ./strace-static-x86_64: Process 1998 attached [pid 1998] set_robust_list(0x555555cf25e0, 24) = 0 [pid 1998] chdir("./327") = 0 [pid 1998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1998] setpgid(0, 0) = 0 [pid 1998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1998] write(3, "1000", 4) = 4 [pid 1998] close(3) = 0 [pid 1998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1998] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 1998] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1998] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1999], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 1999 [pid 1998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1999 attached ) = 0 [pid 1999] set_robust_list(0x7f697cdef9e0, 24 [pid 1998] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1999] <... set_robust_list resumed>) = 0 [pid 1999] memfd_create("syzkaller", 0) = 3 [pid 1999] ftruncate(3, 2097152) = 0 [pid 1999] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1999] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1999] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1999] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1999] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1999] mkdir("./file0", 0777) = 0 [pid 1999] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1999] ioctl(4, LOOP_CLR_FD) = 0 [pid 1999] close(4) = 0 [pid 1999] close(3) = 0 [pid 1999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1998] <... futex resumed>) = 0 [pid 1999] chdir("./file0" [pid 1998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1999] <... chdir resumed>) = 0 [pid 1999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1998] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1999] <... futex resumed>) = 0 [pid 1999] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1999] <... futex resumed>) = 0 [pid 1998] <... futex resumed>) = 1 [pid 1999] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1998] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1999] <... openat resumed>) = 3 [pid 1999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1998] <... futex resumed>) = 0 [pid 1999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 1998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1998] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1999] <... write resumed>) = 61 [pid 1999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1999] <... futex resumed>) = 0 [pid 1998] <... mmap resumed>) = 0x7f697cdae000 [pid 1999] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1998] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1998] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2002], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2002 ./strace-static-x86_64: Process 2002 attached [pid 2002] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2002] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1998] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2002] <... futex resumed>) = 0 [pid 2002] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 1998] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2002] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2002] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1998] <... futex resumed>) = 0 [pid 1998] exit_group(0 [pid 2002] <... futex resumed>) = ? [pid 1999] <... futex resumed>) = ? [pid 1998] <... exit_group resumed>) = ? [pid 2002] +++ exited with 0 +++ [pid 1999] +++ exited with 0 +++ [pid 1998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1998, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./327/binderfs") = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2003 ./strace-static-x86_64: Process 2003 attached [pid 2003] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2003] chdir("./328") = 0 [pid 2003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2003] setpgid(0, 0) = 0 [pid 2003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2003] write(3, "1000", 4) = 4 [pid 2003] close(3) = 0 [pid 2003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2003] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2003] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2003] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2004], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2004 ./strace-static-x86_64: Process 2004 attached [pid 2003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2004] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2004] memfd_create("syzkaller", 0) = 3 [pid 2004] ftruncate(3, 2097152) = 0 [pid 2004] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2004] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2004] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2004] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2004] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2004] mkdir("./file0", 0777) = 0 [pid 2004] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2004] ioctl(4, LOOP_CLR_FD) = 0 [pid 2004] close(4) = 0 [pid 2004] close(3) = 0 [pid 2004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2004] chdir("./file0" [pid 2003] <... futex resumed>) = 0 [pid 2004] <... chdir resumed>) = 0 [pid 2003] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2004] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2003] <... futex resumed>) = 0 [pid 2003] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2004] <... write resumed>) = 61 [pid 2004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2004] <... futex resumed>) = 0 [pid 2003] <... mprotect resumed>) = 0 [pid 2003] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2004] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2003] <... clone resumed>, parent_tid=[2007], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2007 ./strace-static-x86_64: Process 2007 attached [pid 2003] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2007] set_robust_list(0x7f697cdce9e0, 24 [pid 2003] <... futex resumed>) = 0 [pid 2007] <... set_robust_list resumed>) = 0 [pid 2003] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2007] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2007] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... futex resumed>) = 0 [pid 2003] exit_group(0) = ? [pid 2004] <... futex resumed>) = ? [pid 2004] +++ exited with 0 +++ [pid 2007] <... futex resumed>) = ? [pid 2007] +++ exited with 0 +++ [pid 2003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2003, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./328/binderfs") = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2008 ./strace-static-x86_64: Process 2008 attached [pid 2008] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2008] chdir("./329") = 0 [pid 2008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2008] setpgid(0, 0) = 0 [pid 2008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2008] write(3, "1000", 4) = 4 [pid 2008] close(3) = 0 [pid 2008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2008] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2008] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2008] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2009], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2009 ./strace-static-x86_64: Process 2009 attached [pid 2008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2009] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2009] memfd_create("syzkaller", 0) = 3 [pid 2009] ftruncate(3, 2097152) = 0 [pid 2009] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2009] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2009] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2009] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2009] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2009] mkdir("./file0", 0777) = 0 [pid 2009] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2009] ioctl(4, LOOP_CLR_FD) = 0 [pid 2009] close(4) = 0 [pid 2009] close(3) = 0 [pid 2009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... futex resumed>) = 0 [pid 2008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2009] <... futex resumed>) = 1 [pid 2009] chdir("./file0") = 0 [pid 2009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2009] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2008] <... futex resumed>) = 0 [pid 2008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2008] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2009] <... futex resumed>) = 0 [pid 2009] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... futex resumed>) = 0 [pid 2008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2008] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2008] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2012], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2012 [pid 2008] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2009] <... futex resumed>) = 1 [pid 2009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2009] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2012 attached [pid 2012] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2012] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2012] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... futex resumed>) = 0 [pid 2008] exit_group(0) = ? [pid 2009] <... futex resumed>) = ? [pid 2009] +++ exited with 0 +++ [pid 2012] <... futex resumed>) = ? [pid 2012] +++ exited with 0 +++ [pid 2008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2008, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./329/binderfs") = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2013 ./strace-static-x86_64: Process 2013 attached [pid 2013] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2013] chdir("./330") = 0 [pid 2013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2013] setpgid(0, 0) = 0 [pid 2013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2013] write(3, "1000", 4) = 4 [pid 2013] close(3) = 0 [pid 2013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2013] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2013] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2013] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2014], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2014 [pid 2013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2013] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2014 attached [pid 2014] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2014] memfd_create("syzkaller", 0) = 3 [pid 2014] ftruncate(3, 2097152) = 0 [pid 2014] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2014] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2014] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2014] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2014] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2014] mkdir("./file0", 0777) = 0 [pid 2014] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2014] ioctl(4, LOOP_CLR_FD) = 0 [pid 2014] close(4) = 0 [pid 2014] close(3) = 0 [pid 2014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2013] <... futex resumed>) = 0 [pid 2013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2013] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2014] <... futex resumed>) = 1 [pid 2014] chdir("./file0") = 0 [pid 2014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2013] <... futex resumed>) = 0 [pid 2013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2013] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2014] <... futex resumed>) = 1 [pid 2014] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2013] <... futex resumed>) = 0 [pid 2013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2013] <... futex resumed>) = 0 [pid 2013] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2013] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2013] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2017 attached , parent_tid=[2017], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2017 [pid 2017] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2017] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2013] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2013] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2014] <... write resumed>) = 61 [pid 2017] <... futex resumed>) = 0 [pid 2014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2017] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2014] <... futex resumed>) = 0 [pid 2014] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2017] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2017] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2013] <... futex resumed>) = 0 [pid 2013] exit_group(0) = ? [pid 2014] <... futex resumed>) = ? [pid 2014] +++ exited with 0 +++ [pid 2017] +++ exited with 0 +++ [pid 2013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2013, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./330/binderfs") = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2018 ./strace-static-x86_64: Process 2018 attached [pid 2018] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2018] chdir("./331") = 0 [pid 2018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2018] setpgid(0, 0) = 0 [pid 2018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2018] write(3, "1000", 4) = 4 [pid 2018] close(3) = 0 [pid 2018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2018] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2018] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2018] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2019], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2019 [pid 2018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2018] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2019 attached [pid 2019] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2019] memfd_create("syzkaller", 0) = 3 [pid 2019] ftruncate(3, 2097152) = 0 [pid 2019] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2019] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2019] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2019] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2019] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2019] mkdir("./file0", 0777) = 0 [pid 2019] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2019] ioctl(4, LOOP_CLR_FD) = 0 [pid 2019] close(4) = 0 [pid 2019] close(3) = 0 [pid 2019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2018] <... futex resumed>) = 0 [pid 2018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] chdir("./file0" [pid 2018] <... futex resumed>) = 0 [pid 2019] <... chdir resumed>) = 0 [pid 2019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2018] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... futex resumed>) = 0 [pid 2019] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] <... futex resumed>) = 0 [pid 2018] <... futex resumed>) = 1 [pid 2019] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2018] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... openat resumed>) = 3 [pid 2019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2018] <... futex resumed>) = 0 [pid 2019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] <... write resumed>) = 61 [pid 2018] <... futex resumed>) = 0 [pid 2019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2018] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] <... futex resumed>) = 0 [pid 2018] <... futex resumed>) = 0 [pid 2019] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2018] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2018] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2022], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2022 [pid 2018] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2018] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2022 attached [pid 2022] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2022] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2022] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2022] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2018] <... futex resumed>) = 0 [pid 2018] exit_group(0 [pid 2019] <... futex resumed>) = ? [pid 2018] <... exit_group resumed>) = ? [pid 2019] +++ exited with 0 +++ [pid 2022] <... futex resumed>) = ? [pid 2022] +++ exited with 0 +++ [pid 2018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2018, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./331/binderfs") = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2023 ./strace-static-x86_64: Process 2023 attached [pid 2023] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2023] chdir("./332") = 0 [pid 2023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2023] setpgid(0, 0) = 0 [pid 2023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2023] write(3, "1000", 4) = 4 [pid 2023] close(3) = 0 [pid 2023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2023] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2023] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2023] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2024], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2024 [pid 2023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2023] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2024 attached [pid 2024] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2024] memfd_create("syzkaller", 0) = 3 [pid 2024] ftruncate(3, 2097152) = 0 [pid 2024] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2024] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2024] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2024] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2024] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2024] mkdir("./file0", 0777) = 0 [pid 2024] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2024] ioctl(4, LOOP_CLR_FD) = 0 [pid 2024] close(4) = 0 [pid 2024] close(3) = 0 [pid 2024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2023] <... futex resumed>) = 0 [pid 2023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2023] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2024] chdir("./file0") = 0 [pid 2024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2023] <... futex resumed>) = 0 [pid 2024] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2023] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2024] <... openat resumed>) = 3 [pid 2024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2023] <... futex resumed>) = 0 [pid 2024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... write resumed>) = 61 [pid 2023] <... futex resumed>) = 0 [pid 2024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2023] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... futex resumed>) = 0 [pid 2023] <... futex resumed>) = 0 [pid 2024] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2023] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2023] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2027], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2027 [pid 2023] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2023] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2027 attached [pid 2027] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2027] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2027] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2023] <... futex resumed>) = 0 [pid 2023] exit_group(0 [pid 2024] <... futex resumed>) = ? [pid 2023] <... exit_group resumed>) = ? [pid 2024] +++ exited with 0 +++ [pid 2027] +++ exited with 0 +++ [pid 2023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2023, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./332/binderfs") = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2028 ./strace-static-x86_64: Process 2028 attached [pid 2028] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2028] chdir("./333") = 0 [pid 2028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2028] setpgid(0, 0) = 0 [pid 2028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2028] write(3, "1000", 4) = 4 [pid 2028] close(3) = 0 [pid 2028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2028] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2028] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2028] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2029], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2029 [pid 2028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2028] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2029 attached [pid 2029] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2029] memfd_create("syzkaller", 0) = 3 [pid 2029] ftruncate(3, 2097152) = 0 [pid 2029] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2029] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2029] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2029] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2029] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2029] mkdir("./file0", 0777) = 0 [pid 2029] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2029] ioctl(4, LOOP_CLR_FD) = 0 [pid 2029] close(4) = 0 [pid 2029] close(3) = 0 [pid 2029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... futex resumed>) = 0 [pid 2029] <... futex resumed>) = 1 [pid 2028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2029] chdir("./file0" [pid 2028] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2029] <... chdir resumed>) = 0 [pid 2029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... futex resumed>) = 0 [pid 2029] <... futex resumed>) = 1 [pid 2028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2029] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2028] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2029] <... openat resumed>) = 3 [pid 2029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... futex resumed>) = 0 [pid 2029] <... futex resumed>) = 1 [pid 2028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2028] <... futex resumed>) = 0 [pid 2028] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2029] <... write resumed>) = 61 [pid 2028] <... mmap resumed>) = 0x7f697cdae000 [pid 2029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2029] <... futex resumed>) = 0 [pid 2029] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2028] <... mprotect resumed>) = 0 [pid 2028] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2032], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2032 [pid 2028] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2028] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2032 attached [pid 2032] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2032] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2032] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... futex resumed>) = 0 [pid 2028] exit_group(0) = ? [pid 2029] <... futex resumed>) = ? [pid 2029] +++ exited with 0 +++ [pid 2032] <... futex resumed>) = ? [pid 2032] +++ exited with 0 +++ [pid 2028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2028, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./333/binderfs") = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2033 ./strace-static-x86_64: Process 2033 attached [pid 2033] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2033] chdir("./334") = 0 [pid 2033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2033] setpgid(0, 0) = 0 [pid 2033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2033] write(3, "1000", 4) = 4 [pid 2033] close(3) = 0 [pid 2033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2033] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2033] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2033] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2034], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2034 [pid 2033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2034 attached [pid 2034] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2034] memfd_create("syzkaller", 0) = 3 [pid 2034] ftruncate(3, 2097152) = 0 [pid 2034] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2034] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2034] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2034] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2034] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2034] mkdir("./file0", 0777) = 0 [pid 2034] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2034] ioctl(4, LOOP_CLR_FD) = 0 [pid 2034] close(4) = 0 [pid 2034] close(3) = 0 [pid 2034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2034] chdir("./file0") = 0 [pid 2034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2034] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2034] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2033] <... futex resumed>) = 0 [pid 2034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2034] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2034] <... futex resumed>) = 0 [pid 2034] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2033] <... futex resumed>) = 0 [pid 2033] exit_group(0) = ? [pid 2034] +++ exited with 0 +++ [pid 2033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2033, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./334/binderfs") = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2037 ./strace-static-x86_64: Process 2037 attached [pid 2037] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2037] chdir("./335") = 0 [pid 2037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2037] setpgid(0, 0) = 0 [pid 2037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2037] write(3, "1000", 4) = 4 [pid 2037] close(3) = 0 [pid 2037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2037] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2037] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2037] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2038], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2038 [pid 2037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2038 attached [pid 2038] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2038] memfd_create("syzkaller", 0) = 3 [pid 2038] ftruncate(3, 2097152) = 0 [pid 2038] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2038] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2038] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2038] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2038] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2038] mkdir("./file0", 0777) = 0 [pid 2038] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2038] ioctl(4, LOOP_CLR_FD) = 0 [pid 2038] close(4) = 0 [pid 2038] close(3) = 0 [pid 2038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2038] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2038] <... futex resumed>) = 0 [pid 2038] chdir("./file0") = 0 [pid 2038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2038] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2038] <... openat resumed>) = 3 [pid 2038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2037] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2037] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2041 attached , parent_tid=[2041], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2041 [pid 2041] set_robust_list(0x7f697cdce9e0, 24 [pid 2037] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2041] <... set_robust_list resumed>) = 0 [pid 2041] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2041] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2041] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2037] <... futex resumed>) = 0 [pid 2038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = -1 ENOSPC (No space left on device) [pid 2038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2038] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2037] exit_group(0) = ? [pid 2041] <... futex resumed>) = ? [pid 2038] <... futex resumed>) = ? [pid 2041] +++ exited with 0 +++ [pid 2038] +++ exited with 0 +++ [pid 2037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2037, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./335/binderfs") = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2042 ./strace-static-x86_64: Process 2042 attached [pid 2042] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2042] chdir("./336") = 0 [pid 2042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2042] setpgid(0, 0) = 0 [pid 2042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2042] write(3, "1000", 4) = 4 [pid 2042] close(3) = 0 [pid 2042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2042] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2042] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2042] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2043], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2043 [pid 2042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2043 attached [pid 2043] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2043] memfd_create("syzkaller", 0) = 3 [pid 2043] ftruncate(3, 2097152) = 0 [pid 2043] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2043] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2043] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2043] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2043] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2043] mkdir("./file0", 0777) = 0 [pid 2043] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2043] ioctl(4, LOOP_CLR_FD) = 0 [pid 2043] close(4) = 0 [pid 2043] close(3) = 0 [pid 2043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] <... futex resumed>) = 0 [pid 2042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] <... futex resumed>) = 1 [pid 2043] chdir("./file0") = 0 [pid 2043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] <... futex resumed>) = 0 [pid 2042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] <... futex resumed>) = 1 [pid 2043] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] <... futex resumed>) = 0 [pid 2042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2042] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2042] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2046], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2046 [pid 2042] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] <... futex resumed>) = 1 [pid 2043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2043] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2046 attached [pid 2046] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2046] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2046] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] <... futex resumed>) = 0 [pid 2046] <... futex resumed>) = 1 [pid 2042] exit_group(0 [pid 2043] <... futex resumed>) = ? [pid 2042] <... exit_group resumed>) = ? [pid 2043] +++ exited with 0 +++ [pid 2046] +++ exited with 0 +++ [pid 2042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2042, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./336/binderfs") = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2047 ./strace-static-x86_64: Process 2047 attached [pid 2047] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2047] chdir("./337") = 0 [pid 2047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2047] setpgid(0, 0) = 0 [pid 2047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2047] write(3, "1000", 4) = 4 [pid 2047] close(3) = 0 [pid 2047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2047] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2047] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2047] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2048 attached , parent_tid=[2048], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2048 [pid 2047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2047] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2048] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2048] memfd_create("syzkaller", 0) = 3 [pid 2048] ftruncate(3, 2097152) = 0 [pid 2048] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2048] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2048] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2048] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2048] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2048] mkdir("./file0", 0777) = 0 [pid 2048] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2048] ioctl(4, LOOP_CLR_FD) = 0 [pid 2048] close(4) = 0 [pid 2048] close(3) = 0 [pid 2048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2047] <... futex resumed>) = 0 [pid 2048] chdir("./file0" [pid 2047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2048] <... chdir resumed>) = 0 [pid 2047] <... futex resumed>) = 0 [pid 2048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2048] <... futex resumed>) = 0 [pid 2047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2048] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2047] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2048] <... openat resumed>) = 3 [pid 2048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2047] <... futex resumed>) = 0 [pid 2048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2048] <... write resumed>) = 61 [pid 2047] <... futex resumed>) = 0 [pid 2048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2048] <... futex resumed>) = 0 [pid 2047] <... futex resumed>) = 0 [pid 2048] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2047] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2047] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2051 attached , parent_tid=[2051], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2051 [pid 2047] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2047] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2051] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2051] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2051] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] <... futex resumed>) = 0 [pid 2047] exit_group(0 [pid 2051] <... futex resumed>) = ? [pid 2048] <... futex resumed>) = ? [pid 2047] <... exit_group resumed>) = ? [pid 2048] +++ exited with 0 +++ [pid 2051] +++ exited with 0 +++ [pid 2047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2047, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./337/binderfs") = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2052 ./strace-static-x86_64: Process 2052 attached [pid 2052] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2052] chdir("./338") = 0 [pid 2052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2052] setpgid(0, 0) = 0 [pid 2052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2052] write(3, "1000", 4) = 4 [pid 2052] close(3) = 0 [pid 2052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2052] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2052] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2053], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2053 [pid 2052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2053 attached [pid 2053] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2053] memfd_create("syzkaller", 0) = 3 [pid 2053] ftruncate(3, 2097152) = 0 [pid 2053] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2053] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2053] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2053] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2053] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2053] mkdir("./file0", 0777) = 0 [pid 2053] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2053] ioctl(4, LOOP_CLR_FD) = 0 [pid 2053] close(4) = 0 [pid 2053] close(3) = 0 [pid 2053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2052] <... futex resumed>) = 0 [pid 2052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2053] chdir("./file0" [pid 2052] <... futex resumed>) = 0 [pid 2052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2053] <... chdir resumed>) = 0 [pid 2053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2052] <... futex resumed>) = 0 [pid 2052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2053] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2052] <... futex resumed>) = 0 [pid 2053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2053] <... write resumed>) = 61 [pid 2052] <... futex resumed>) = 0 [pid 2052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2052] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2052] <... mprotect resumed>) = 0 [pid 2053] <... futex resumed>) = 0 [pid 2052] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2052] <... clone resumed>, parent_tid=[2056], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2056 [pid 2052] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2056 attached [pid 2056] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2056] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2056] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2052] <... futex resumed>) = 0 [pid 2052] exit_group(0) = ? [pid 2056] +++ exited with 0 +++ [pid 2053] <... futex resumed>) = ? [pid 2053] +++ exited with 0 +++ [pid 2052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2052, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./338/binderfs") = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2057 ./strace-static-x86_64: Process 2057 attached [pid 2057] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2057] chdir("./339") = 0 [pid 2057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2057] setpgid(0, 0) = 0 [pid 2057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2057] write(3, "1000", 4) = 4 [pid 2057] close(3) = 0 [pid 2057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2057] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2057] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2057] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2058], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2058 [pid 2057] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2057] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2058 attached [pid 2058] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2058] memfd_create("syzkaller", 0) = 3 [pid 2058] ftruncate(3, 2097152) = 0 [pid 2058] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2058] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2058] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2058] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2058] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2058] mkdir("./file0", 0777) = 0 [pid 2058] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2058] ioctl(4, LOOP_CLR_FD) = 0 [pid 2058] close(4) = 0 [pid 2058] close(3) = 0 [pid 2058] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2057] <... futex resumed>) = 0 [pid 2057] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] chdir("./file0" [pid 2057] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2058] <... chdir resumed>) = 0 [pid 2058] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2057] <... futex resumed>) = 0 [pid 2057] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2057] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2058] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2058] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2057] <... futex resumed>) = 0 [pid 2057] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2057] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2057] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2057] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2061 attached [pid 2061] set_robust_list(0x7f697cdce9e0, 24 [pid 2057] <... clone resumed>, parent_tid=[2061], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2061 [pid 2057] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] <... set_robust_list resumed>) = 0 [pid 2057] <... futex resumed>) = 0 [pid 2061] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2057] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2061] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2061] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2058] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2058] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2061] <... futex resumed>) = 1 [pid 2057] <... futex resumed>) = 0 [pid 2057] exit_group(0) = ? [pid 2058] <... futex resumed>) = ? [pid 2058] +++ exited with 0 +++ [pid 2061] +++ exited with 0 +++ [pid 2057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2057, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./339/binderfs") = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2062 ./strace-static-x86_64: Process 2062 attached [pid 2062] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2062] chdir("./340") = 0 [pid 2062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2062] setpgid(0, 0) = 0 [pid 2062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2062] write(3, "1000", 4) = 4 [pid 2062] close(3) = 0 [pid 2062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2062] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2062] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2062] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2063], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2063 [pid 2062] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2063 attached [pid 2063] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2063] memfd_create("syzkaller", 0) = 3 [pid 2063] ftruncate(3, 2097152) = 0 [pid 2063] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2063] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2063] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2063] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2063] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2063] mkdir("./file0", 0777) = 0 [pid 2063] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2063] ioctl(4, LOOP_CLR_FD) = 0 [pid 2063] close(4) = 0 [pid 2063] close(3) = 0 [pid 2063] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2063] <... futex resumed>) = 1 [pid 2063] chdir("./file0") = 0 [pid 2063] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2063] <... futex resumed>) = 1 [pid 2063] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2063] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2062] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2062] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2062] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2066 attached , parent_tid=[2066], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2066 [pid 2066] set_robust_list(0x7f697cdce9e0, 24 [pid 2062] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] <... set_robust_list resumed>) = 0 [pid 2062] <... futex resumed>) = 0 [pid 2066] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2062] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2063] <... futex resumed>) = 1 [pid 2063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2066] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2066] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = 0 [pid 2066] <... futex resumed>) = 1 [pid 2063] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2063] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2063] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2066] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2062] exit_group(0) = ? [pid 2063] <... futex resumed>) = ? [pid 2063] +++ exited with 0 +++ [pid 2066] <... futex resumed>) = ? [pid 2066] +++ exited with 0 +++ [pid 2062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2062, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./340/binderfs") = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2067 ./strace-static-x86_64: Process 2067 attached [pid 2067] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2067] chdir("./341") = 0 [pid 2067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2067] setpgid(0, 0) = 0 [pid 2067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2067] write(3, "1000", 4) = 4 [pid 2067] close(3) = 0 [pid 2067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2067] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2067] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2067] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2068], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2068 [pid 2067] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2068 attached [pid 2068] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2068] memfd_create("syzkaller", 0) = 3 [pid 2068] ftruncate(3, 2097152) = 0 [pid 2068] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2068] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2068] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2068] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2068] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2068] mkdir("./file0", 0777) = 0 [pid 2068] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2068] ioctl(4, LOOP_CLR_FD) = 0 [pid 2068] close(4) = 0 [pid 2068] close(3) = 0 [pid 2068] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2067] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2068] <... futex resumed>) = 1 [pid 2068] chdir("./file0") = 0 [pid 2068] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2067] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2068] <... futex resumed>) = 1 [pid 2068] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2068] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2067] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2067] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2067] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2071 attached , parent_tid=[2071], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2071 [pid 2067] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2068] <... futex resumed>) = 1 [pid 2068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2068] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2071] set_robust_list(0x7f697cdce9e0, 24 [pid 2068] <... futex resumed>) = 0 [pid 2068] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2071] <... set_robust_list resumed>) = 0 [pid 2071] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2071] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2067] exit_group(0) = ? [pid 2071] <... futex resumed>) = ? [pid 2068] <... futex resumed>) = ? [pid 2068] +++ exited with 0 +++ [pid 2071] +++ exited with 0 +++ [pid 2067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2067, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./341/binderfs") = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2072 ./strace-static-x86_64: Process 2072 attached [pid 2072] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2072] chdir("./342") = 0 [pid 2072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2072] setpgid(0, 0) = 0 [pid 2072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2072] write(3, "1000", 4) = 4 [pid 2072] close(3) = 0 [pid 2072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2072] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2072] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2072] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2073], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2073 [pid 2072] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2073 attached [pid 2073] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2073] memfd_create("syzkaller", 0) = 3 [pid 2073] ftruncate(3, 2097152) = 0 [pid 2073] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2073] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2073] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2073] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2073] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2073] mkdir("./file0", 0777) = 0 [pid 2073] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2073] ioctl(4, LOOP_CLR_FD) = 0 [pid 2073] close(4) = 0 [pid 2073] close(3) = 0 [pid 2073] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2072] <... futex resumed>) = 0 [pid 2072] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2073] chdir("./file0") = 0 [pid 2073] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2072] <... futex resumed>) = 0 [pid 2072] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2073] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2073] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2072] <... futex resumed>) = 0 [pid 2072] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2072] <... mmap resumed>) = 0x7f697cdae000 [pid 2073] <... write resumed>) = 61 [pid 2072] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2073] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2072] <... mprotect resumed>) = 0 [pid 2073] <... futex resumed>) = 0 [pid 2072] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2073] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2072] <... clone resumed>, parent_tid=[2076], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2076 [pid 2072] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2072] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2076 attached [pid 2076] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2076] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2076] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2076] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2072] <... futex resumed>) = 0 [pid 2072] exit_group(0) = ? [pid 2076] <... futex resumed>) = ? [pid 2076] +++ exited with 0 +++ [pid 2073] <... futex resumed>) = ? [pid 2073] +++ exited with 0 +++ [pid 2072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2072, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./342/binderfs") = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2077 ./strace-static-x86_64: Process 2077 attached [pid 2077] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2077] chdir("./343") = 0 [pid 2077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2077] setpgid(0, 0) = 0 [pid 2077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2077] write(3, "1000", 4) = 4 [pid 2077] close(3) = 0 [pid 2077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2077] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2077] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2077] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2078], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2078 [pid 2077] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2078 attached [pid 2078] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2078] memfd_create("syzkaller", 0) = 3 [pid 2078] ftruncate(3, 2097152) = 0 [pid 2078] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2078] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2078] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2078] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2078] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2078] mkdir("./file0", 0777) = 0 [pid 2078] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2078] ioctl(4, LOOP_CLR_FD) = 0 [pid 2078] close(4) = 0 [pid 2078] close(3) = 0 [pid 2078] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2077] <... futex resumed>) = 0 [pid 2078] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2077] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2078] chdir("./file0" [pid 2077] <... futex resumed>) = 0 [pid 2078] <... chdir resumed>) = 0 [pid 2077] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2078] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2078] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2077] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2077] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2078] <... futex resumed>) = 0 [pid 2078] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2078] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2077] <... futex resumed>) = 0 [pid 2077] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2077] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2077] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2081], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2081 [pid 2077] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2077] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2078] <... futex resumed>) = 1 [pid 2078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2078] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2081 attached [pid 2081] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2081] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2081] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2077] <... futex resumed>) = 0 [pid 2077] exit_group(0 [pid 2078] <... futex resumed>) = ? [pid 2077] <... exit_group resumed>) = ? [pid 2078] +++ exited with 0 +++ [pid 2081] <... futex resumed>) = ? [pid 2081] +++ exited with 0 +++ [pid 2077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2077, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./343/binderfs") = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2082 ./strace-static-x86_64: Process 2082 attached [pid 2082] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2082] chdir("./344") = 0 [pid 2082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2082] setpgid(0, 0) = 0 [pid 2082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2082] write(3, "1000", 4) = 4 [pid 2082] close(3) = 0 [pid 2082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2082] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2082] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2082] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2083], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2083 [pid 2082] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2083 attached [pid 2083] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2083] memfd_create("syzkaller", 0) = 3 [pid 2083] ftruncate(3, 2097152) = 0 [pid 2083] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2083] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2083] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2083] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2083] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2083] mkdir("./file0", 0777) = 0 [pid 2083] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2083] ioctl(4, LOOP_CLR_FD) = 0 [pid 2083] close(4) = 0 [pid 2083] close(3) = 0 [pid 2083] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2082] <... futex resumed>) = 0 [pid 2082] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] chdir("./file0") = 0 [pid 2083] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2082] <... futex resumed>) = 0 [pid 2082] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2083] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2082] <... futex resumed>) = 0 [pid 2082] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2082] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2082] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2086], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2086 [pid 2082] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2082] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2083] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2083] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2086 attached [pid 2086] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2086] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2086] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2082] <... futex resumed>) = 0 [pid 2082] exit_group(0 [pid 2083] <... futex resumed>) = ? [pid 2082] <... exit_group resumed>) = ? [pid 2083] +++ exited with 0 +++ [pid 2086] <... futex resumed>) = ? [pid 2086] +++ exited with 0 +++ [pid 2082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2082, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./344/binderfs") = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2087 ./strace-static-x86_64: Process 2087 attached [pid 2087] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2087] chdir("./345") = 0 [pid 2087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2087] setpgid(0, 0) = 0 [pid 2087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2087] write(3, "1000", 4) = 4 [pid 2087] close(3) = 0 [pid 2087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2087] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2087] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2087] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2088], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2088 [pid 2087] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2088 attached ) = 0 [pid 2088] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2088] memfd_create("syzkaller", 0 [pid 2087] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2088] <... memfd_create resumed>) = 3 [pid 2088] ftruncate(3, 2097152) = 0 [pid 2088] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2088] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2088] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2088] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2088] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2088] mkdir("./file0", 0777) = 0 [pid 2088] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2088] ioctl(4, LOOP_CLR_FD) = 0 [pid 2088] close(4) = 0 [pid 2088] close(3) = 0 [pid 2088] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2087] <... futex resumed>) = 0 [pid 2087] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2088] chdir("./file0") = 0 [pid 2088] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2087] <... futex resumed>) = 0 [pid 2087] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2088] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2088] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2087] <... futex resumed>) = 0 [pid 2087] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2087] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2088] <... write resumed>) = 61 [pid 2087] <... mprotect resumed>) = 0 [pid 2088] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2087] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2088] <... futex resumed>) = 0 [pid 2088] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2091 attached [pid 2087] <... clone resumed>, parent_tid=[2091], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2091 [pid 2091] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2087] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2087] <... futex resumed>) = 0 [pid 2087] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2091] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2087] <... futex resumed>) = 0 [pid 2091] <... futex resumed>) = 1 [pid 2087] exit_group(0 [pid 2091] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 2087] <... exit_group resumed>) = ? [pid 2088] <... futex resumed>) = ? [pid 2091] +++ exited with 0 +++ [pid 2088] +++ exited with 0 +++ [pid 2087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2087, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./345/binderfs") = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2092 ./strace-static-x86_64: Process 2092 attached [pid 2092] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2092] chdir("./346") = 0 [pid 2092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2092] setpgid(0, 0) = 0 [pid 2092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2092] write(3, "1000", 4) = 4 [pid 2092] close(3) = 0 [pid 2092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2092] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2092] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2092] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2093], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2093 [pid 2092] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2093 attached ) = 0 [pid 2093] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2093] memfd_create("syzkaller", 0) = 3 [pid 2093] ftruncate(3, 2097152) = 0 [pid 2093] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2093] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2092] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2093] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2093] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2093] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2093] mkdir("./file0", 0777) = 0 [pid 2093] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2093] ioctl(4, LOOP_CLR_FD) = 0 [pid 2093] close(4) = 0 [pid 2093] close(3) = 0 [pid 2093] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2093] chdir("./file0") = 0 [pid 2093] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2093] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2093] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2092] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2092] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2096], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2096 [pid 2092] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 ./strace-static-x86_64: Process 2096 attached [pid 2093] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2096] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2096] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2093] <... futex resumed>) = 0 [pid 2093] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2096] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2096] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] <... futex resumed>) = 0 [pid 2092] exit_group(0) = ? [pid 2093] <... futex resumed>) = ? [pid 2096] <... futex resumed>) = ? [pid 2093] +++ exited with 0 +++ [pid 2096] +++ exited with 0 +++ [pid 2092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2092, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./346/binderfs") = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2097 ./strace-static-x86_64: Process 2097 attached [pid 2097] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2097] chdir("./347") = 0 [pid 2097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2097] setpgid(0, 0) = 0 [pid 2097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2097] write(3, "1000", 4) = 4 [pid 2097] close(3) = 0 [pid 2097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2097] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2097] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2097] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2098 attached , parent_tid=[2098], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2098 [pid 2098] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2098] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2098] <... futex resumed>) = 0 [pid 2098] memfd_create("syzkaller", 0 [pid 2097] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2098] <... memfd_create resumed>) = 3 [pid 2098] ftruncate(3, 2097152) = 0 [pid 2098] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2098] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2098] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2098] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2098] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2098] mkdir("./file0", 0777) = 0 [pid 2098] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2098] ioctl(4, LOOP_CLR_FD) = 0 [pid 2098] close(4) = 0 [pid 2098] close(3) = 0 [pid 2098] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2098] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] <... futex resumed>) = 0 [pid 2097] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = 0 [pid 2097] <... futex resumed>) = 1 [pid 2098] chdir("./file0" [pid 2097] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2098] <... chdir resumed>) = 0 [pid 2098] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2097] <... futex resumed>) = 0 [pid 2098] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2097] <... futex resumed>) = 0 [pid 2098] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2097] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2098] <... openat resumed>) = 3 [pid 2098] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2097] <... futex resumed>) = 0 [pid 2098] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = 0 [pid 2097] <... futex resumed>) = 1 [pid 2098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2098] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2098] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = 0 [pid 2097] <... futex resumed>) = 1 [pid 2098] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2097] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2098] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2098] <... futex resumed>) = 0 [pid 2098] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] exit_group(0 [pid 2098] <... futex resumed>) = ? [pid 2097] <... exit_group resumed>) = ? [pid 2098] +++ exited with 0 +++ [pid 2097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2097, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./347/binderfs") = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2101 ./strace-static-x86_64: Process 2101 attached [pid 2101] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2101] chdir("./348") = 0 [pid 2101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2101] setpgid(0, 0) = 0 [pid 2101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2101] write(3, "1000", 4) = 4 [pid 2101] close(3) = 0 [pid 2101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2101] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2101] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2101] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2102], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2102 [pid 2101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2102 attached [pid 2102] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2102] memfd_create("syzkaller", 0) = 3 [pid 2102] ftruncate(3, 2097152) = 0 [pid 2102] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2102] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2102] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2102] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2102] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2102] mkdir("./file0", 0777) = 0 [pid 2102] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2102] ioctl(4, LOOP_CLR_FD) = 0 [pid 2102] close(4) = 0 [pid 2102] close(3) = 0 [pid 2102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2101] <... futex resumed>) = 0 [pid 2102] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2101] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2102] chdir("./file0") = 0 [pid 2102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2101] <... futex resumed>) = 0 [pid 2102] <... futex resumed>) = 1 [pid 2101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2102] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2101] <... futex resumed>) = 0 [pid 2101] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2102] <... openat resumed>) = 3 [pid 2102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2101] <... futex resumed>) = 0 [pid 2102] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2101] <... futex resumed>) = 0 [pid 2101] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2101] <... futex resumed>) = 0 [pid 2101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2102] <... write resumed>) = 61 [pid 2101] <... mmap resumed>) = 0x7f697cdae000 [pid 2102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2101] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2102] <... futex resumed>) = 0 [pid 2101] <... mprotect resumed>) = 0 [pid 2102] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2101] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2105], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2105 [pid 2101] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2101] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2105 attached [pid 2105] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2105] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2105] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2101] <... futex resumed>) = 0 [pid 2105] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2101] exit_group(0) = ? [pid 2105] <... futex resumed>) = ? [pid 2102] <... futex resumed>) = ? [pid 2102] +++ exited with 0 +++ [pid 2105] +++ exited with 0 +++ [pid 2101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2101, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./348/binderfs") = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2106 ./strace-static-x86_64: Process 2106 attached [pid 2106] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2106] chdir("./349") = 0 [pid 2106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2106] setpgid(0, 0) = 0 [pid 2106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2106] write(3, "1000", 4) = 4 [pid 2106] close(3) = 0 [pid 2106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2106] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2106] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2106] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2107], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2107 [pid 2106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2107 attached [pid 2106] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2107] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2107] memfd_create("syzkaller", 0) = 3 [pid 2107] ftruncate(3, 2097152) = 0 [pid 2107] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2107] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2107] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2107] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2107] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2107] mkdir("./file0", 0777) = 0 [pid 2107] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2107] ioctl(4, LOOP_CLR_FD) = 0 [pid 2107] close(4) = 0 [pid 2107] close(3) = 0 [pid 2107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2106] <... futex resumed>) = 0 [pid 2106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2106] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2107] <... futex resumed>) = 1 [pid 2107] chdir("./file0") = 0 [pid 2107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2106] <... futex resumed>) = 0 [pid 2106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2106] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2107] <... futex resumed>) = 1 [pid 2107] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2106] <... futex resumed>) = 0 [pid 2106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2106] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2106] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2106] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2110], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2110 [pid 2106] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2106] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2110 attached [pid 2110] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2110] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2110] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2106] <... futex resumed>) = 0 [pid 2110] <... futex resumed>) = 1 [pid 2110] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = -1 ENOSPC (No space left on device) [pid 2107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2107] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2106] exit_group(0) = ? [pid 2110] <... futex resumed>) = ? [pid 2110] +++ exited with 0 +++ [pid 2107] <... futex resumed>) = ? [pid 2107] +++ exited with 0 +++ [pid 2106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2106, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./349/binderfs") = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2111 ./strace-static-x86_64: Process 2111 attached [pid 2111] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2111] chdir("./350") = 0 [pid 2111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2111] setpgid(0, 0) = 0 [pid 2111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2111] write(3, "1000", 4) = 4 [pid 2111] close(3) = 0 [pid 2111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2111] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2111] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2111] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2112], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2112 [pid 2111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2112 attached [pid 2112] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2112] memfd_create("syzkaller", 0) = 3 [pid 2112] ftruncate(3, 2097152) = 0 [pid 2112] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2112] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2112] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2112] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2112] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2112] mkdir("./file0", 0777) = 0 [pid 2112] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2112] ioctl(4, LOOP_CLR_FD) = 0 [pid 2112] close(4) = 0 [pid 2112] close(3) = 0 [pid 2112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2111] <... futex resumed>) = 0 [pid 2111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] chdir("./file0") = 0 [pid 2112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2111] <... futex resumed>) = 0 [pid 2111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2111] <... futex resumed>) = 0 [pid 2111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2111] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2112] <... write resumed>) = 61 [pid 2111] <... mprotect resumed>) = 0 [pid 2112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2112] <... futex resumed>) = 0 [pid 2112] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2111] <... clone resumed>, parent_tid=[2115], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2115 [pid 2111] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2111] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2115 attached [pid 2115] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2115] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2115] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] <... futex resumed>) = 0 [pid 2111] exit_group(0 [pid 2112] <... futex resumed>) = ? [pid 2111] <... exit_group resumed>) = ? [pid 2112] +++ exited with 0 +++ [pid 2115] <... futex resumed>) = ? [pid 2115] +++ exited with 0 +++ [pid 2111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2111, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./350/binderfs") = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2116 ./strace-static-x86_64: Process 2116 attached [pid 2116] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2116] chdir("./351") = 0 [pid 2116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2116] setpgid(0, 0) = 0 [pid 2116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2116] write(3, "1000", 4) = 4 [pid 2116] close(3) = 0 [pid 2116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2116] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2116] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2116] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2117], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2117 [pid 2116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2117 attached [pid 2117] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2117] memfd_create("syzkaller", 0) = 3 [pid 2117] ftruncate(3, 2097152) = 0 [pid 2117] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2117] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2117] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2117] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2117] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2117] mkdir("./file0", 0777) = 0 [pid 2117] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2117] ioctl(4, LOOP_CLR_FD) = 0 [pid 2117] close(4) = 0 [pid 2117] close(3) = 0 [pid 2117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2117] chdir("./file0" [pid 2116] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2117] <... chdir resumed>) = 0 [pid 2117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2117] <... futex resumed>) = 0 [pid 2117] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2117] <... openat resumed>) = 3 [pid 2117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2116] <... futex resumed>) = 0 [pid 2116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2117] <... write resumed>) = 61 [pid 2116] <... mmap resumed>) = 0x7f697cdae000 [pid 2117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2116] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2117] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2116] <... mprotect resumed>) = 0 [pid 2116] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2120], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2120 [pid 2116] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2120 attached [pid 2116] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2120] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2120] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2120] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2116] <... futex resumed>) = 0 [pid 2116] exit_group(0 [pid 2117] <... futex resumed>) = ? [pid 2116] <... exit_group resumed>) = ? [pid 2117] +++ exited with 0 +++ [pid 2120] <... futex resumed>) = ? [pid 2120] +++ exited with 0 +++ [pid 2116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2116, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./351/binderfs") = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2121 ./strace-static-x86_64: Process 2121 attached [pid 2121] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2121] chdir("./352") = 0 [pid 2121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2121] setpgid(0, 0) = 0 [pid 2121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2121] write(3, "1000", 4) = 4 [pid 2121] close(3) = 0 [pid 2121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2121] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2121] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2121] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2122], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2122 [pid 2121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2121] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2122 attached [pid 2122] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2122] memfd_create("syzkaller", 0) = 3 [pid 2122] ftruncate(3, 2097152) = 0 [pid 2122] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2122] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2122] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2122] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2122] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2122] mkdir("./file0", 0777) = 0 [pid 2122] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2122] ioctl(4, LOOP_CLR_FD) = 0 [pid 2122] close(4) = 0 [pid 2122] close(3) = 0 [pid 2122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2121] <... futex resumed>) = 0 [pid 2121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2122] chdir("./file0" [pid 2121] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2122] <... chdir resumed>) = 0 [pid 2122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2121] <... futex resumed>) = 0 [pid 2122] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2121] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2122] <... openat resumed>) = 3 [pid 2122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2121] <... futex resumed>) = 0 [pid 2122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2122] <... write resumed>) = 61 [pid 2121] <... futex resumed>) = 0 [pid 2122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2121] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2122] <... futex resumed>) = 0 [pid 2121] <... futex resumed>) = 0 [pid 2122] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2121] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2121] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2125], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2125 [pid 2121] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2121] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2125 attached [pid 2125] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2125] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2125] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2121] <... futex resumed>) = 0 [pid 2121] exit_group(0 [pid 2122] <... futex resumed>) = ? [pid 2121] <... exit_group resumed>) = ? [pid 2122] +++ exited with 0 +++ [pid 2125] <... futex resumed>) = ? [pid 2125] +++ exited with 0 +++ [pid 2121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2121, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./352/binderfs") = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2126 ./strace-static-x86_64: Process 2126 attached [pid 2126] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2126] chdir("./353") = 0 [pid 2126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2126] setpgid(0, 0) = 0 [pid 2126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2126] write(3, "1000", 4) = 4 [pid 2126] close(3) = 0 [pid 2126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2126] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2126] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2126] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2127], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2127 [pid 2126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2127 attached [pid 2127] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2127] memfd_create("syzkaller", 0) = 3 [pid 2127] ftruncate(3, 2097152) = 0 [pid 2127] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2127] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2127] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2127] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2127] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2127] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2127] ioctl(4, LOOP_CLR_FD) = 0 [pid 2127] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2127] close(4) = 0 [pid 2127] close(3) = 0 [pid 2127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2126] <... futex resumed>) = 0 [pid 2126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2127] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 2127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2126] <... futex resumed>) = 0 [pid 2126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2127] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2127] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2126] <... futex resumed>) = 0 [pid 2126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2126] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2126] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2128], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2128 [pid 2126] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2128 attached [pid 2128] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2128] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2128] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2128] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2126] <... futex resumed>) = 0 [pid 2128] <... futex resumed>) = 1 [pid 2128] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2127] <... write resumed>) = 61 [pid 2127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2127] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2126] exit_group(0) = ? [pid 2127] <... futex resumed>) = ? [pid 2127] +++ exited with 0 +++ [pid 2128] <... futex resumed>) = ? [pid 2128] +++ exited with 0 +++ [pid 2126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2126, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./353/binderfs") = 0 umount2("./353/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./353/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2129 ./strace-static-x86_64: Process 2129 attached [pid 2129] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2129] chdir("./354") = 0 [pid 2129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2129] setpgid(0, 0) = 0 [pid 2129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2129] write(3, "1000", 4) = 4 [pid 2129] close(3) = 0 [pid 2129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2129] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2129] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2129] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2130], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2130 [pid 2129] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2130 attached [pid 2130] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2130] memfd_create("syzkaller", 0) = 3 [pid 2130] ftruncate(3, 2097152) = 0 [pid 2130] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2130] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2130] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2130] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2130] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2130] mkdir("./file0", 0777) = 0 [pid 2130] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2130] ioctl(4, LOOP_CLR_FD) = 0 [pid 2130] close(4) = 0 [pid 2130] close(3) = 0 [pid 2130] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2130] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2129] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2129] <... futex resumed>) = 0 [pid 2130] chdir("./file0" [pid 2129] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] <... chdir resumed>) = 0 [pid 2130] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2130] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2129] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2129] <... futex resumed>) = 0 [pid 2130] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2129] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] <... openat resumed>) = 3 [pid 2130] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2129] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2129] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2129] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2133], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2133 ./strace-static-x86_64: Process 2133 attached [pid 2130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2129] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] <... write resumed>) = 61 [pid 2133] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2130] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2130] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2133] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2133] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2129] exit_group(0 [pid 2130] <... futex resumed>) = ? [pid 2129] <... exit_group resumed>) = ? [pid 2130] +++ exited with 0 +++ [pid 2133] +++ exited with 0 +++ [pid 2129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2129, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./354/binderfs") = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2134 ./strace-static-x86_64: Process 2134 attached [pid 2134] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2134] chdir("./355") = 0 [pid 2134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2134] setpgid(0, 0) = 0 [pid 2134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2134] write(3, "1000", 4) = 4 [pid 2134] close(3) = 0 [pid 2134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2134] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2134] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2134] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2135], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2135 [pid 2134] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2135 attached [pid 2135] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2135] memfd_create("syzkaller", 0) = 3 [pid 2135] ftruncate(3, 2097152) = 0 [pid 2135] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2135] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2135] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2135] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2135] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2135] mkdir("./file0", 0777) = 0 [pid 2135] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2135] ioctl(4, LOOP_CLR_FD) = 0 [pid 2135] close(4) = 0 [pid 2135] close(3) = 0 [pid 2135] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2135] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2135] <... futex resumed>) = 0 [pid 2135] chdir("./file0") = 0 [pid 2135] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2135] <... futex resumed>) = 1 [pid 2135] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2135] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2134] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2134] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2138 attached [pid 2135] <... futex resumed>) = 1 [pid 2134] <... clone resumed>, parent_tid=[2138], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2138 [pid 2134] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2138] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2138] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2138] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2138] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] <... futex resumed>) = 0 [pid 2138] <... futex resumed>) = 1 [pid 2138] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2135] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2135] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2135] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] exit_group(0) = ? [pid 2135] <... futex resumed>) = ? [pid 2135] +++ exited with 0 +++ [pid 2138] <... futex resumed>) = ? [pid 2138] +++ exited with 0 +++ [pid 2134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2134, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./355/binderfs") = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2139 ./strace-static-x86_64: Process 2139 attached [pid 2139] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2139] chdir("./356") = 0 [pid 2139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2139] setpgid(0, 0) = 0 [pid 2139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2139] write(3, "1000", 4) = 4 [pid 2139] close(3) = 0 [pid 2139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2139] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2139] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2139] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2140], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2140 [pid 2139] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2140 attached [pid 2140] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2140] memfd_create("syzkaller", 0) = 3 [pid 2140] ftruncate(3, 2097152) = 0 [pid 2140] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2140] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2140] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2140] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2140] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2140] mkdir("./file0", 0777) = 0 [pid 2140] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2140] ioctl(4, LOOP_CLR_FD) = 0 [pid 2140] close(4) = 0 [pid 2140] close(3) = 0 [pid 2140] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2139] <... futex resumed>) = 0 [pid 2139] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2140] <... futex resumed>) = 1 [pid 2140] chdir("./file0") = 0 [pid 2140] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2139] <... futex resumed>) = 0 [pid 2139] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2140] <... futex resumed>) = 1 [pid 2140] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2140] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2139] <... futex resumed>) = 0 [pid 2139] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2139] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2139] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2143], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2143 [pid 2139] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2140] <... futex resumed>) = 1 [pid 2140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2140] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2143 attached [pid 2143] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2143] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2143] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] <... futex resumed>) = 0 [pid 2143] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2139] exit_group(0) = ? [pid 2140] <... futex resumed>) = ? [pid 2140] +++ exited with 0 +++ [pid 2143] <... futex resumed>) = ? [pid 2143] +++ exited with 0 +++ [pid 2139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2139, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./356/binderfs") = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2144 ./strace-static-x86_64: Process 2144 attached [pid 2144] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2144] chdir("./357") = 0 [pid 2144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2144] setpgid(0, 0) = 0 [pid 2144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2144] write(3, "1000", 4) = 4 [pid 2144] close(3) = 0 [pid 2144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2144] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2144] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2144] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2145], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2145 [pid 2144] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2145 attached [pid 2145] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2145] memfd_create("syzkaller", 0) = 3 [pid 2145] ftruncate(3, 2097152) = 0 [pid 2145] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2145] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2145] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2145] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2145] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2145] mkdir("./file0", 0777) = 0 [pid 2145] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2145] ioctl(4, LOOP_CLR_FD) = 0 [pid 2145] close(4) = 0 [pid 2145] close(3) = 0 [pid 2145] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] <... futex resumed>) = 1 [pid 2145] chdir("./file0") = 0 [pid 2145] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] <... futex resumed>) = 1 [pid 2145] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2145] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2144] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2144] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2148], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2148 [pid 2144] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] <... futex resumed>) = 1 [pid 2145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2145] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2145] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2148 attached [pid 2148] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2148] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2148] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] exit_group(0 [pid 2145] <... futex resumed>) = ? [pid 2144] <... exit_group resumed>) = ? [pid 2145] +++ exited with 0 +++ [pid 2148] <... futex resumed>) = ? [pid 2148] +++ exited with 0 +++ [pid 2144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2144, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./357/binderfs") = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2149 ./strace-static-x86_64: Process 2149 attached [pid 2149] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2149] chdir("./358") = 0 [pid 2149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2149] setpgid(0, 0) = 0 [pid 2149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2149] write(3, "1000", 4) = 4 [pid 2149] close(3) = 0 [pid 2149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2149] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2149] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2149] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2150 attached , parent_tid=[2150], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2150 [pid 2149] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2150] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2150] memfd_create("syzkaller", 0) = 3 [pid 2150] ftruncate(3, 2097152) = 0 [pid 2150] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2150] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2150] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2150] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2150] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2150] mkdir("./file0", 0777) = 0 [pid 2150] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2150] ioctl(4, LOOP_CLR_FD) = 0 [pid 2150] close(4) = 0 [pid 2150] close(3) = 0 [pid 2150] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = 0 [pid 2149] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2150] <... futex resumed>) = 1 [pid 2150] chdir("./file0") = 0 [pid 2150] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = 0 [pid 2149] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2150] <... futex resumed>) = 1 [pid 2150] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2150] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2149] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... write resumed>) = 61 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... futex resumed>) = 0 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2149] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2149] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2153], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2153 [pid 2149] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2153 attached [pid 2153] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2153] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2153] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2149] exit_group(0) = ? [pid 2150] <... futex resumed>) = ? [pid 2150] +++ exited with 0 +++ [pid 2153] +++ exited with 0 +++ [pid 2149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2149, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./358/binderfs") = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2154 ./strace-static-x86_64: Process 2154 attached [pid 2154] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2154] chdir("./359") = 0 [pid 2154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2154] setpgid(0, 0) = 0 [pid 2154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2154] write(3, "1000", 4) = 4 [pid 2154] close(3) = 0 [pid 2154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2154] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2154] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2154] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2155], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2155 [pid 2154] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2155 attached [pid 2155] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2155] memfd_create("syzkaller", 0) = 3 [pid 2155] ftruncate(3, 2097152) = 0 [pid 2155] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2155] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2155] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2155] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2155] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2155] mkdir("./file0", 0777) = 0 [pid 2155] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2155] ioctl(4, LOOP_CLR_FD) = 0 [pid 2155] close(4) = 0 [pid 2155] close(3) = 0 [pid 2155] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] <... futex resumed>) = 1 [pid 2155] chdir("./file0") = 0 [pid 2155] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] <... futex resumed>) = 1 [pid 2155] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2155] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2154] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2154] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2158], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2158 [pid 2154] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] <... futex resumed>) = 1 [pid 2155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2155] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2155] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2158 attached [pid 2158] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2158] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2158] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] <... futex resumed>) = 0 [pid 2154] exit_group(0) = ? [pid 2155] <... futex resumed>) = ? [pid 2155] +++ exited with 0 +++ [pid 2158] <... futex resumed>) = ? [pid 2158] +++ exited with 0 +++ [pid 2154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2154, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./359/binderfs") = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2159 ./strace-static-x86_64: Process 2159 attached [pid 2159] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2159] chdir("./360") = 0 [pid 2159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2159] setpgid(0, 0) = 0 [pid 2159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2159] write(3, "1000", 4) = 4 [pid 2159] close(3) = 0 [pid 2159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2159] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2159] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2159] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2160], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2160 [pid 2159] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2160 attached [pid 2160] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2160] memfd_create("syzkaller", 0) = 3 [pid 2160] ftruncate(3, 2097152) = 0 [pid 2160] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2160] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2160] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2160] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2160] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2160] mkdir("./file0", 0777) = 0 [pid 2160] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2160] ioctl(4, LOOP_CLR_FD) = 0 [pid 2160] close(4) = 0 [pid 2160] close(3) = 0 [pid 2160] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2160] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2160] <... futex resumed>) = 0 [pid 2160] chdir("./file0") = 0 [pid 2160] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2160] <... futex resumed>) = 1 [pid 2160] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2160] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2159] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2159] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2163], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2163 [pid 2159] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2163 attached [pid 2163] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2163] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2160] <... futex resumed>) = 1 [pid 2163] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2163] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2163] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2160] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2160] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2160] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] exit_group(0) = ? [pid 2163] <... futex resumed>) = ? [pid 2160] <... futex resumed>) = ? [pid 2163] +++ exited with 0 +++ [pid 2160] +++ exited with 0 +++ [pid 2159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2159, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./360/binderfs") = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2164 ./strace-static-x86_64: Process 2164 attached [pid 2164] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2164] chdir("./361") = 0 [pid 2164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2164] setpgid(0, 0) = 0 [pid 2164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2164] write(3, "1000", 4) = 4 [pid 2164] close(3) = 0 [pid 2164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2164] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2164] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2164] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2165], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2165 [pid 2164] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2165 attached [pid 2165] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2165] memfd_create("syzkaller", 0) = 3 [pid 2165] ftruncate(3, 2097152) = 0 [pid 2165] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2165] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2165] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2165] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2165] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2165] mkdir("./file0", 0777) = 0 [pid 2165] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2165] ioctl(4, LOOP_CLR_FD) = 0 [pid 2165] close(4) = 0 [pid 2165] close(3) = 0 [pid 2165] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2164] <... futex resumed>) = 0 [pid 2164] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2165] <... futex resumed>) = 1 [pid 2165] chdir("./file0") = 0 [pid 2165] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2164] <... futex resumed>) = 0 [pid 2164] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2165] <... futex resumed>) = 1 [pid 2165] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2165] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2164] <... futex resumed>) = 0 [pid 2164] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2164] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2164] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2168 attached , parent_tid=[2168], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2168 [pid 2168] set_robust_list(0x7f697cdce9e0, 24 [pid 2164] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2168] <... set_robust_list resumed>) = 0 [pid 2164] <... futex resumed>) = 0 [pid 2168] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2164] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2165] <... futex resumed>) = 1 [pid 2168] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2168] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2165] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2165] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] <... futex resumed>) = 0 [pid 2165] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2164] exit_group(0 [pid 2168] <... futex resumed>) = ? [pid 2165] <... futex resumed>) = ? [pid 2164] <... exit_group resumed>) = ? [pid 2168] +++ exited with 0 +++ [pid 2165] +++ exited with 0 +++ [pid 2164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2164, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./361/binderfs") = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2169 ./strace-static-x86_64: Process 2169 attached [pid 2169] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2169] chdir("./362") = 0 [pid 2169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2169] setpgid(0, 0) = 0 [pid 2169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2169] write(3, "1000", 4) = 4 [pid 2169] close(3) = 0 [pid 2169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2169] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2169] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2169] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2170], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2170 [pid 2169] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2170 attached [pid 2170] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2170] memfd_create("syzkaller", 0) = 3 [pid 2170] ftruncate(3, 2097152) = 0 [pid 2170] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2170] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2170] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2170] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2170] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2170] mkdir("./file0", 0777) = 0 [pid 2170] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2170] ioctl(4, LOOP_CLR_FD) = 0 [pid 2170] close(4) = 0 [pid 2170] close(3) = 0 [pid 2170] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2169] <... futex resumed>) = 0 [pid 2170] <... futex resumed>) = 1 [pid 2169] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] chdir("./file0") = 0 [pid 2170] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2169] <... futex resumed>) = 0 [pid 2170] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2169] <... futex resumed>) = 0 [pid 2170] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2169] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] <... openat resumed>) = 3 [pid 2170] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] <... futex resumed>) = 0 [pid 2169] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] <... futex resumed>) = 0 [pid 2169] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2169] <... futex resumed>) = 0 [pid 2169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2169] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2170] <... write resumed>) = 61 [pid 2169] <... mprotect resumed>) = 0 [pid 2170] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2169] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2170] <... futex resumed>) = 0 [pid 2170] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2173 attached [pid 2169] <... clone resumed>, parent_tid=[2173], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2173 [pid 2173] set_robust_list(0x7f697cdce9e0, 24 [pid 2169] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2173] <... set_robust_list resumed>) = 0 [pid 2169] <... futex resumed>) = 0 [pid 2173] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2169] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2173] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2173] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2169] <... futex resumed>) = 0 [pid 2173] <... futex resumed>) = 1 [pid 2173] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] exit_group(0) = ? [pid 2170] <... futex resumed>) = 231 [pid 2173] <... futex resumed>) = ? [pid 2170] +++ exited with 0 +++ [pid 2173] +++ exited with 0 +++ [pid 2169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2169, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./362/binderfs") = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2174 ./strace-static-x86_64: Process 2174 attached [pid 2174] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2174] chdir("./363") = 0 [pid 2174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2174] setpgid(0, 0) = 0 [pid 2174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2174] write(3, "1000", 4) = 4 [pid 2174] close(3) = 0 [pid 2174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2174] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2174] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2174] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2175], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2175 [pid 2174] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2175 attached [pid 2175] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2175] memfd_create("syzkaller", 0) = 3 [pid 2175] ftruncate(3, 2097152) = 0 [pid 2175] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2175] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2175] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2175] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2175] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2175] mkdir("./file0", 0777) = 0 [pid 2175] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2175] ioctl(4, LOOP_CLR_FD) = 0 [pid 2175] close(4) = 0 [pid 2175] close(3) = 0 [pid 2175] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2175] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2175] <... futex resumed>) = 0 [pid 2175] chdir("./file0") = 0 [pid 2175] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2175] <... futex resumed>) = 1 [pid 2175] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2175] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2174] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2174] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2178 attached , parent_tid=[2178], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2178 [pid 2178] set_robust_list(0x7f697cdce9e0, 24 [pid 2174] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2178] <... set_robust_list resumed>) = 0 [pid 2174] <... futex resumed>) = 0 [pid 2178] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2174] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2175] <... futex resumed>) = 1 [pid 2175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2175] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2175] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2178] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2178] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... futex resumed>) = 0 [pid 2174] exit_group(0) = ? [pid 2175] <... futex resumed>) = ? [pid 2175] +++ exited with 0 +++ [pid 2178] <... futex resumed>) = ? [pid 2178] +++ exited with 0 +++ [pid 2174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2174, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./363/binderfs") = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2179 ./strace-static-x86_64: Process 2179 attached [pid 2179] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2179] chdir("./364") = 0 [pid 2179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2179] setpgid(0, 0) = 0 [pid 2179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2179] write(3, "1000", 4) = 4 [pid 2179] close(3) = 0 [pid 2179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2179] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2179] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2179] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2180], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2180 [pid 2179] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2180 attached [pid 2180] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2180] memfd_create("syzkaller", 0) = 3 [pid 2180] ftruncate(3, 2097152) = 0 [pid 2180] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2180] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2180] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2180] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2180] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2180] mkdir("./file0", 0777) = 0 [pid 2180] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2180] ioctl(4, LOOP_CLR_FD) = 0 [pid 2180] close(4) = 0 [pid 2180] close(3) = 0 [pid 2180] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2180] <... futex resumed>) = 1 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2180] chdir("./file0") = 0 [pid 2180] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2180] <... futex resumed>) = 1 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2180] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2180] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2179] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2180] <... futex resumed>) = 1 [pid 2180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2179] <... mprotect resumed>) = 0 [pid 2180] <... write resumed>) = 61 [pid 2179] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2180] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2180] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2183 attached [pid 2179] <... clone resumed>, parent_tid=[2183], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2183 [pid 2183] set_robust_list(0x7f697cdce9e0, 24 [pid 2179] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] <... set_robust_list resumed>) = 0 [pid 2179] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2183] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2183] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] exit_group(0) = ? [pid 2180] <... futex resumed>) = ? [pid 2180] +++ exited with 0 +++ [pid 2183] <... futex resumed>) = ? [pid 2183] +++ exited with 0 +++ [pid 2179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2179, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./364/binderfs") = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2184 ./strace-static-x86_64: Process 2184 attached [pid 2184] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2184] chdir("./365") = 0 [pid 2184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2184] setpgid(0, 0) = 0 [pid 2184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2184] write(3, "1000", 4) = 4 [pid 2184] close(3) = 0 [pid 2184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2184] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2184] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2184] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2185], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2185 [pid 2184] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2185 attached [pid 2185] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2185] memfd_create("syzkaller", 0) = 3 [pid 2185] ftruncate(3, 2097152) = 0 [pid 2185] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2185] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2185] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2185] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2185] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2185] mkdir("./file0", 0777) = 0 [pid 2185] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2185] ioctl(4, LOOP_CLR_FD) = 0 [pid 2185] close(4) = 0 [pid 2185] close(3) = 0 [pid 2185] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] <... futex resumed>) = 0 [pid 2184] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] <... futex resumed>) = 1 [pid 2185] chdir("./file0") = 0 [pid 2185] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] <... futex resumed>) = 0 [pid 2184] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] <... futex resumed>) = 1 [pid 2185] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2185] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] <... futex resumed>) = 0 [pid 2184] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2184] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2184] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2188], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2188 [pid 2184] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] <... futex resumed>) = 1 [pid 2185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2185] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2185] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2188 attached [pid 2188] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2188] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2188] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] <... futex resumed>) = 0 [pid 2184] exit_group(0) = ? [pid 2185] <... futex resumed>) = ? [pid 2185] +++ exited with 0 +++ [pid 2188] <... futex resumed>) = ? [pid 2188] +++ exited with 0 +++ [pid 2184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2184, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./365/binderfs") = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2189 ./strace-static-x86_64: Process 2189 attached [pid 2189] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2189] chdir("./366") = 0 [pid 2189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2189] setpgid(0, 0) = 0 [pid 2189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2189] write(3, "1000", 4) = 4 [pid 2189] close(3) = 0 [pid 2189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2189] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2189] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2189] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2190], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2190 [pid 2189] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2190 attached [pid 2190] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2190] memfd_create("syzkaller", 0) = 3 [pid 2190] ftruncate(3, 2097152) = 0 [pid 2190] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2190] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2190] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2190] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2190] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2190] mkdir("./file0", 0777) = 0 [pid 2190] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2190] ioctl(4, LOOP_CLR_FD) = 0 [pid 2190] close(4) = 0 [pid 2190] close(3) = 0 [pid 2190] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2190] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2189] <... futex resumed>) = 0 [pid 2190] chdir("./file0" [pid 2189] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] <... chdir resumed>) = 0 [pid 2190] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2190] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2189] <... futex resumed>) = 0 [pid 2190] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2189] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] <... openat resumed>) = 3 [pid 2190] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2190] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2189] <... futex resumed>) = 0 [pid 2190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2189] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] <... write resumed>) = 61 [pid 2189] <... futex resumed>) = 0 [pid 2190] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2190] <... futex resumed>) = 0 [pid 2189] <... mmap resumed>) = 0x7f697cdae000 [pid 2190] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2189] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2193], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2193 [pid 2189] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2193 attached [pid 2193] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2193] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2193] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2189] exit_group(0) = ? [pid 2190] <... futex resumed>) = 231 [pid 2190] +++ exited with 0 +++ [pid 2193] +++ exited with 0 +++ [pid 2189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2189, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./366/binderfs") = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2194 ./strace-static-x86_64: Process 2194 attached [pid 2194] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2194] chdir("./367") = 0 [pid 2194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2194] setpgid(0, 0) = 0 [pid 2194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2194] write(3, "1000", 4) = 4 [pid 2194] close(3) = 0 [pid 2194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2194] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2194] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2194] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2195], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2195 [pid 2194] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2195 attached [pid 2195] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2195] memfd_create("syzkaller", 0) = 3 [pid 2195] ftruncate(3, 2097152) = 0 [pid 2195] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2195] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2195] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2195] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2195] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2195] mkdir("./file0", 0777) = 0 [pid 2195] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2195] ioctl(4, LOOP_CLR_FD) = 0 [pid 2195] close(4) = 0 [pid 2195] close(3) = 0 [pid 2195] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2194] <... futex resumed>) = 0 [pid 2194] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] chdir("./file0") = 0 [pid 2195] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2194] <... futex resumed>) = 0 [pid 2194] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2195] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2194] <... futex resumed>) = 0 [pid 2194] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2194] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2194] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2198], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2198 [pid 2194] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2198 attached [pid 2195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2198] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2195] <... write resumed>) = 61 [pid 2198] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2195] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2195] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2198] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2198] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2198] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2194] <... futex resumed>) = 0 [pid 2194] exit_group(0 [pid 2198] <... futex resumed>) = ? [pid 2195] <... futex resumed>) = ? [pid 2194] <... exit_group resumed>) = ? [pid 2195] +++ exited with 0 +++ [pid 2198] +++ exited with 0 +++ [pid 2194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2194, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./367/binderfs") = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2199 ./strace-static-x86_64: Process 2199 attached [pid 2199] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2199] chdir("./368") = 0 [pid 2199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2199] setpgid(0, 0) = 0 [pid 2199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2199] write(3, "1000", 4) = 4 [pid 2199] close(3) = 0 [pid 2199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2199] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2199] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2199] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2200 attached [pid 2200] set_robust_list(0x7f697cdef9e0, 24 [pid 2199] <... clone resumed>, parent_tid=[2200], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2200 [pid 2200] <... set_robust_list resumed>) = 0 [pid 2199] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2200] memfd_create("syzkaller", 0 [pid 2199] <... futex resumed>) = 0 [pid 2199] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2200] <... memfd_create resumed>) = 3 [pid 2200] ftruncate(3, 2097152) = 0 [pid 2200] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2200] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2200] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2200] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2200] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2200] mkdir("./file0", 0777) = 0 [pid 2200] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2200] ioctl(4, LOOP_CLR_FD) = 0 [pid 2200] close(4) = 0 [pid 2200] close(3) = 0 [pid 2200] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2200] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2199] <... futex resumed>) = 0 [pid 2199] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2200] <... futex resumed>) = 0 [pid 2200] chdir("./file0") = 0 [pid 2200] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2200] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2199] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2199] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2200] <... futex resumed>) = 0 [pid 2200] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2199] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2200] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2199] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2200] <... futex resumed>) = 0 [pid 2199] <... futex resumed>) = 1 [pid 2200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2200] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2200] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2199] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2200] <... futex resumed>) = 0 [pid 2199] <... futex resumed>) = 1 [pid 2200] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2199] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2200] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2200] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2199] <... futex resumed>) = 0 [pid 2199] exit_group(0 [pid 2200] <... futex resumed>) = ? [pid 2199] <... exit_group resumed>) = ? [pid 2200] +++ exited with 0 +++ [pid 2199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2199, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./368/binderfs") = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2203 ./strace-static-x86_64: Process 2203 attached [pid 2203] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2203] chdir("./369") = 0 [pid 2203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2203] setpgid(0, 0) = 0 [pid 2203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2203] write(3, "1000", 4) = 4 [pid 2203] close(3) = 0 [pid 2203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2203] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2203] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2203] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2204], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2204 [pid 2203] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2204 attached [pid 2204] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2204] memfd_create("syzkaller", 0) = 3 [pid 2204] ftruncate(3, 2097152) = 0 [pid 2204] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2204] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2204] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2204] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2204] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2204] mkdir("./file0", 0777) = 0 [pid 2204] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2204] ioctl(4, LOOP_CLR_FD) = 0 [pid 2204] close(4) = 0 [pid 2204] close(3) = 0 [pid 2204] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] <... futex resumed>) = 0 [pid 2203] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] <... futex resumed>) = 1 [pid 2204] chdir("./file0") = 0 [pid 2204] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] <... futex resumed>) = 0 [pid 2203] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] <... futex resumed>) = 1 [pid 2204] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2204] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] <... futex resumed>) = 0 [pid 2203] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2203] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2203] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2207], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2207 [pid 2203] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2204] <... futex resumed>) = 1 [pid 2204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2204] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2207 attached [pid 2207] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2207] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2207] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] <... futex resumed>) = 0 [pid 2203] exit_group(0) = ? [pid 2207] <... futex resumed>) = ? [pid 2204] <... futex resumed>) = ? [pid 2204] +++ exited with 0 +++ [pid 2207] +++ exited with 0 +++ [pid 2203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2203, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./369/binderfs") = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2208 ./strace-static-x86_64: Process 2208 attached [pid 2208] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2208] chdir("./370") = 0 [pid 2208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2208] setpgid(0, 0) = 0 [pid 2208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2208] write(3, "1000", 4) = 4 [pid 2208] close(3) = 0 [pid 2208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2208] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2208] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2208] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2209], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2209 [pid 2208] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2209 attached [pid 2209] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2209] memfd_create("syzkaller", 0) = 3 [pid 2209] ftruncate(3, 2097152) = 0 [pid 2209] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2209] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2209] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2209] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2209] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2209] mkdir("./file0", 0777) = 0 [pid 2209] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2209] ioctl(4, LOOP_CLR_FD) = 0 [pid 2209] close(4) = 0 [pid 2209] close(3) = 0 [pid 2209] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2208] <... futex resumed>) = 0 [pid 2209] chdir("./file0" [pid 2208] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] <... chdir resumed>) = 0 [pid 2208] <... futex resumed>) = 0 [pid 2208] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2209] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2209] <... futex resumed>) = 0 [pid 2209] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2208] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2209] <... openat resumed>) = 3 [pid 2209] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2208] <... futex resumed>) = 0 [pid 2208] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2208] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2208] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2209] <... write resumed>) = 61 [pid 2208] <... clone resumed>, parent_tid=[2212], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2212 [pid 2208] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2208] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2212 attached [pid 2212] set_robust_list(0x7f697cdce9e0, 24 [pid 2209] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2212] <... set_robust_list resumed>) = 0 [pid 2212] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2209] <... futex resumed>) = 0 [pid 2212] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2209] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2212] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2208] <... futex resumed>) = 0 [pid 2208] exit_group(0) = ? [pid 2209] <... futex resumed>) = ? [pid 2209] +++ exited with 0 +++ [pid 2212] <... futex resumed>) = ? [pid 2212] +++ exited with 0 +++ [pid 2208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2208, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./370/binderfs") = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2213 ./strace-static-x86_64: Process 2213 attached [pid 2213] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2213] chdir("./371") = 0 [pid 2213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2213] setpgid(0, 0) = 0 [pid 2213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2213] write(3, "1000", 4) = 4 [pid 2213] close(3) = 0 [pid 2213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2213] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2213] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2213] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2214], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2214 [pid 2213] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2213] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2214 attached [pid 2214] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2214] memfd_create("syzkaller", 0) = 3 [pid 2214] ftruncate(3, 2097152) = 0 [pid 2214] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2214] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2214] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2214] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2214] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2214] mkdir("./file0", 0777) = 0 [pid 2214] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2214] ioctl(4, LOOP_CLR_FD) = 0 [pid 2214] close(4) = 0 [pid 2214] close(3) = 0 [pid 2214] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2213] <... futex resumed>) = 0 [pid 2213] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2213] <... futex resumed>) = 1 [pid 2214] chdir("./file0" [pid 2213] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2214] <... chdir resumed>) = 0 [pid 2214] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2213] <... futex resumed>) = 0 [pid 2213] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2213] <... futex resumed>) = 0 [pid 2213] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2214] <... openat resumed>) = 3 [pid 2214] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2213] <... futex resumed>) = 0 [pid 2213] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2213] <... futex resumed>) = 1 [pid 2214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2213] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] <... write resumed>) = 61 [pid 2213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2214] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2213] <... mmap resumed>) = 0x7f697cdae000 [pid 2213] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2213] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2217 attached [pid 2217] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2217] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2214] <... futex resumed>) = 0 [pid 2213] <... clone resumed>, parent_tid=[2217], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2217 [pid 2214] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2213] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2217] <... futex resumed>) = 0 [pid 2213] <... futex resumed>) = 1 [pid 2217] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2213] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2217] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2217] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2213] <... futex resumed>) = 0 [pid 2217] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2213] exit_group(0) = ? [pid 2214] <... futex resumed>) = ? [pid 2214] +++ exited with 0 +++ [pid 2217] <... futex resumed>) = ? [pid 2217] +++ exited with 0 +++ [pid 2213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2213, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./371/binderfs") = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2218 ./strace-static-x86_64: Process 2218 attached [pid 2218] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2218] chdir("./372") = 0 [pid 2218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2218] setpgid(0, 0) = 0 [pid 2218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2218] write(3, "1000", 4) = 4 [pid 2218] close(3) = 0 [pid 2218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2218] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2218] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2218] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2219], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2219 [pid 2218] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2218] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2219 attached [pid 2219] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2219] memfd_create("syzkaller", 0) = 3 [pid 2219] ftruncate(3, 2097152) = 0 [pid 2219] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2219] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2219] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2219] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2219] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2219] mkdir("./file0", 0777) = 0 [pid 2219] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2219] ioctl(4, LOOP_CLR_FD) = 0 [pid 2219] close(4) = 0 [pid 2219] close(3) = 0 [pid 2219] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] <... futex resumed>) = 0 [pid 2218] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2218] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2219] <... futex resumed>) = 1 [pid 2219] chdir("./file0") = 0 [pid 2219] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] <... futex resumed>) = 0 [pid 2218] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2218] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2219] <... futex resumed>) = 1 [pid 2219] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2219] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] <... futex resumed>) = 0 [pid 2219] <... futex resumed>) = 1 [pid 2218] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2218] <... futex resumed>) = 0 [pid 2218] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2219] <... write resumed>) = 61 [pid 2218] <... mmap resumed>) = 0x7f697cdae000 [pid 2219] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2219] <... futex resumed>) = 0 [pid 2218] <... mprotect resumed>) = 0 [pid 2218] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2219] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2218] <... clone resumed>, parent_tid=[2222], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2222 [pid 2218] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2218] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2222 attached [pid 2222] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2222] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2222] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2218] <... futex resumed>) = 0 [pid 2218] exit_group(0) = ? [pid 2222] <... futex resumed>) = ? [pid 2219] <... futex resumed>) = ? [pid 2222] +++ exited with 0 +++ [pid 2219] +++ exited with 0 +++ [pid 2218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2218, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./372/binderfs") = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2223 ./strace-static-x86_64: Process 2223 attached [pid 2223] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2223] chdir("./373") = 0 [pid 2223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2223] setpgid(0, 0) = 0 [pid 2223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2223] write(3, "1000", 4) = 4 [pid 2223] close(3) = 0 [pid 2223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2223] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2223] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2223] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2224], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2224 [pid 2223] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2224 attached [pid 2224] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2224] memfd_create("syzkaller", 0) = 3 [pid 2224] ftruncate(3, 2097152) = 0 [pid 2224] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2224] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2224] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2224] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2224] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2224] mkdir("./file0", 0777) = 0 [pid 2224] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2224] ioctl(4, LOOP_CLR_FD) = 0 [pid 2224] close(4) = 0 [pid 2224] close(3) = 0 [pid 2224] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2223] <... futex resumed>) = 0 [pid 2223] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2224] <... futex resumed>) = 1 [pid 2224] chdir("./file0") = 0 [pid 2224] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2223] <... futex resumed>) = 0 [pid 2223] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2224] <... futex resumed>) = 1 [pid 2224] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2224] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2223] <... futex resumed>) = 0 [pid 2223] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2223] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2223] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2227], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2227 [pid 2223] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2223] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2224] <... futex resumed>) = 1 [pid 2224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2224] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2224] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2227 attached [pid 2227] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2227] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2227] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2223] <... futex resumed>) = 0 [pid 2223] exit_group(0 [pid 2224] <... futex resumed>) = ? [pid 2223] <... exit_group resumed>) = ? [pid 2224] +++ exited with 0 +++ [pid 2227] <... futex resumed>) = ? [pid 2227] +++ exited with 0 +++ [pid 2223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2223, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./373/binderfs") = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2228 ./strace-static-x86_64: Process 2228 attached [pid 2228] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2228] chdir("./374") = 0 [pid 2228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2228] setpgid(0, 0) = 0 [pid 2228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2228] write(3, "1000", 4) = 4 [pid 2228] close(3) = 0 [pid 2228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2228] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2228] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2229 attached , parent_tid=[2229], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2229 [pid 2229] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2228] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2229] memfd_create("syzkaller", 0) = 3 [pid 2229] ftruncate(3, 2097152) = 0 [pid 2229] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2229] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2229] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2229] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2229] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2229] mkdir("./file0", 0777) = 0 [pid 2229] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2229] ioctl(4, LOOP_CLR_FD) = 0 [pid 2229] close(4) = 0 [pid 2229] close(3) = 0 [pid 2229] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2228] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2229] chdir("./file0") = 0 [pid 2229] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2229] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2228] <... futex resumed>) = 0 [pid 2228] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2229] <... openat resumed>) = 3 [pid 2229] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2228] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] <... write resumed>) = 61 [pid 2229] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] <... futex resumed>) = 0 [pid 2229] <... futex resumed>) = 0 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2229] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] <... mmap resumed>) = 0x7f697cdae000 [pid 2228] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2232 attached , parent_tid=[2232], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2232 [pid 2232] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2232] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2232] <... futex resumed>) = 0 [pid 2228] <... futex resumed>) = 1 [pid 2232] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2228] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2232] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2232] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2228] exit_group(0 [pid 2232] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL) = 230 [pid 2228] <... exit_group resumed>) = ? [pid 2229] <... futex resumed>) = ? [pid 2229] +++ exited with 0 +++ [pid 2232] +++ exited with 0 +++ [pid 2228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2228, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./374/binderfs") = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2233 ./strace-static-x86_64: Process 2233 attached [pid 2233] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2233] chdir("./375") = 0 [pid 2233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2233] setpgid(0, 0) = 0 [pid 2233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2233] write(3, "1000", 4) = 4 [pid 2233] close(3) = 0 [pid 2233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2233] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2233] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2233] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2234], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2234 [pid 2233] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2233] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2234 attached [pid 2234] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2234] memfd_create("syzkaller", 0) = 3 [pid 2234] ftruncate(3, 2097152) = 0 [pid 2234] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2234] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2234] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2234] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2234] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2234] mkdir("./file0", 0777) = 0 [pid 2234] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2234] ioctl(4, LOOP_CLR_FD) = 0 [pid 2234] close(4) = 0 [pid 2234] close(3) = 0 [pid 2234] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2233] <... futex resumed>) = 0 [pid 2234] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2233] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2233] <... futex resumed>) = 0 [pid 2234] chdir("./file0" [pid 2233] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2234] <... chdir resumed>) = 0 [pid 2234] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2233] <... futex resumed>) = 0 [pid 2234] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2233] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2233] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2234] <... openat resumed>) = 3 [pid 2234] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2233] <... futex resumed>) = 0 [pid 2234] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2233] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2234] <... futex resumed>) = 0 [pid 2233] <... futex resumed>) = 1 [pid 2233] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2233] <... futex resumed>) = 0 [pid 2233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2234] <... write resumed>) = 61 [pid 2234] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2233] <... mmap resumed>) = 0x7f697cdae000 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2233] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2233] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2237], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2237 [pid 2233] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2233] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2237 attached [pid 2237] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2237] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2237] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2233] <... futex resumed>) = 0 [pid 2233] exit_group(0) = ? [pid 2234] <... futex resumed>) = ? [pid 2234] +++ exited with 0 +++ [pid 2237] <... futex resumed>) = ? [pid 2237] +++ exited with 0 +++ [pid 2233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2233, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./375/binderfs") = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2238 ./strace-static-x86_64: Process 2238 attached [pid 2238] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2238] chdir("./376") = 0 [pid 2238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2238] setpgid(0, 0) = 0 [pid 2238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2238] write(3, "1000", 4) = 4 [pid 2238] close(3) = 0 [pid 2238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2238] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2238] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2238] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2239], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2239 [pid 2238] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2239 attached [pid 2239] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2239] memfd_create("syzkaller", 0) = 3 [pid 2239] ftruncate(3, 2097152) = 0 [pid 2239] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2239] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2239] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2239] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2239] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2239] mkdir("./file0", 0777) = 0 [pid 2239] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2239] ioctl(4, LOOP_CLR_FD) = 0 [pid 2239] close(4) = 0 [pid 2239] close(3) = 0 [pid 2239] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2238] <... futex resumed>) = 0 [pid 2238] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2239] <... futex resumed>) = 1 [pid 2239] chdir("./file0") = 0 [pid 2239] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2238] <... futex resumed>) = 0 [pid 2238] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2239] <... futex resumed>) = 1 [pid 2239] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2239] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2238] <... futex resumed>) = 0 [pid 2238] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2238] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2238] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2242], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2242 [pid 2238] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2239] <... futex resumed>) = 1 [pid 2239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2239] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2239] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2242 attached [pid 2242] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2242] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2242] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2238] <... futex resumed>) = 0 [pid 2238] exit_group(0 [pid 2239] <... futex resumed>) = ? [pid 2238] <... exit_group resumed>) = ? [pid 2239] +++ exited with 0 +++ [pid 2242] <... futex resumed>) = ? [pid 2242] +++ exited with 0 +++ [pid 2238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2238, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./376/binderfs") = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2243 ./strace-static-x86_64: Process 2243 attached [pid 2243] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2243] chdir("./377") = 0 [pid 2243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2243] setpgid(0, 0) = 0 [pid 2243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2243] write(3, "1000", 4) = 4 [pid 2243] close(3) = 0 [pid 2243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2243] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2243] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2243] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2244], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2244 [pid 2243] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2244 attached [pid 2244] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2244] memfd_create("syzkaller", 0) = 3 [pid 2244] ftruncate(3, 2097152) = 0 [pid 2244] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2244] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2244] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2244] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2244] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2244] mkdir("./file0", 0777) = 0 [pid 2244] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2244] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2244] ioctl(4, LOOP_CLR_FD) = 0 [pid 2244] close(4) = 0 [pid 2244] close(3) = 0 [pid 2244] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2243] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2244] chdir("./file0") = 0 [pid 2244] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2243] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2244] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2244] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2243] <... futex resumed>) = 0 [pid 2244] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2243] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2243] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2243] <... futex resumed>) = 0 [pid 2244] <... write resumed>) = 61 [pid 2243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2244] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2243] <... mmap resumed>) = 0x7f697cdae000 [pid 2244] <... futex resumed>) = 0 [pid 2243] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2244] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2243] <... mprotect resumed>) = 0 [pid 2243] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2247], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2247 [pid 2243] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2247 attached [pid 2247] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2247] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2247] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2243] <... futex resumed>) = 0 [pid 2243] exit_group(0) = ? [pid 2244] <... futex resumed>) = ? [pid 2244] +++ exited with 0 +++ [pid 2247] <... futex resumed>) = ? [pid 2247] +++ exited with 0 +++ [pid 2243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2243, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./377/binderfs") = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2248 ./strace-static-x86_64: Process 2248 attached [pid 2248] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2248] chdir("./378") = 0 [pid 2248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2248] setpgid(0, 0) = 0 [pid 2248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2248] write(3, "1000", 4) = 4 [pid 2248] close(3) = 0 [pid 2248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2248] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2248] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2248] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2249], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2249 [pid 2248] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2249 attached ) = 0 [pid 2249] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2249] memfd_create("syzkaller", 0) = 3 [pid 2249] ftruncate(3, 2097152) = 0 [pid 2249] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2249] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2249] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2249] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2249] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2249] ioctl(4, LOOP_SET_FD, 3 [pid 2248] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2249] <... ioctl resumed>) = 0 [pid 2249] mkdir("./file0", 0777) = 0 [pid 2249] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2249] ioctl(4, LOOP_CLR_FD) = 0 [pid 2249] close(4) = 0 [pid 2249] close(3) = 0 [pid 2249] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2249] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2248] <... futex resumed>) = 0 [pid 2248] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2249] <... futex resumed>) = 0 [pid 2249] chdir("./file0") = 0 [pid 2249] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2249] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2248] <... futex resumed>) = 1 [pid 2248] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2248] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2249] <... futex resumed>) = 0 [pid 2249] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2249] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2249] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2248] <... futex resumed>) = 1 [pid 2248] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2248] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2249] <... futex resumed>) = 0 [pid 2249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2249] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2249] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2248] <... futex resumed>) = 1 [pid 2248] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2249] <... futex resumed>) = 0 [pid 2249] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2248] <... futex resumed>) = 1 [pid 2249] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2249] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2248] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2248] exit_group(0 [pid 2249] <... futex resumed>) = ? [pid 2249] +++ exited with 0 +++ [pid 2248] <... exit_group resumed>) = ? [pid 2248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2248, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./378/binderfs") = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2252 ./strace-static-x86_64: Process 2252 attached [pid 2252] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2252] chdir("./379") = 0 [pid 2252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2252] setpgid(0, 0) = 0 [pid 2252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2252] write(3, "1000", 4) = 4 [pid 2252] close(3) = 0 [pid 2252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2252] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2252] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2252] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2253], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2253 [pid 2252] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2253 attached [pid 2253] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2253] memfd_create("syzkaller", 0) = 3 [pid 2253] ftruncate(3, 2097152) = 0 [pid 2253] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2253] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2253] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2253] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2253] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2253] mkdir("./file0", 0777) = 0 [pid 2253] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2253] ioctl(4, LOOP_CLR_FD) = 0 [pid 2253] close(4) = 0 [pid 2253] close(3) = 0 [pid 2253] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2252] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] chdir("./file0") = 0 [pid 2253] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2252] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2253] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2252] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2252] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2252] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2256 attached , parent_tid=[2256], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2256 [pid 2253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2252] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2256] set_robust_list(0x7f697cdce9e0, 24 [pid 2253] <... write resumed>) = 61 [pid 2252] <... futex resumed>) = 0 [pid 2253] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2252] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] <... futex resumed>) = 0 [pid 2253] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2256] <... set_robust_list resumed>) = 0 [pid 2256] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2256] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2252] exit_group(0 [pid 2253] <... futex resumed>) = ? [pid 2252] <... exit_group resumed>) = ? [pid 2253] +++ exited with 0 +++ [pid 2256] +++ exited with 0 +++ [pid 2252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2252, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./379/binderfs") = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2257 ./strace-static-x86_64: Process 2257 attached [pid 2257] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2257] chdir("./380") = 0 [pid 2257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2257] setpgid(0, 0) = 0 [pid 2257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2257] write(3, "1000", 4) = 4 [pid 2257] close(3) = 0 [pid 2257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2257] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2257] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2257] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2258 attached [pid 2258] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2258] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... clone resumed>, parent_tid=[2258], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2258 [pid 2257] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2258] <... futex resumed>) = 0 [pid 2258] memfd_create("syzkaller", 0) = 3 [pid 2258] ftruncate(3, 2097152) = 0 [pid 2258] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2258] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2258] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2258] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2258] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2258] mkdir("./file0", 0777) = 0 [pid 2258] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2258] ioctl(4, LOOP_CLR_FD) = 0 [pid 2258] close(4) = 0 [pid 2258] close(3) = 0 [pid 2258] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2257] <... futex resumed>) = 0 [pid 2258] <... futex resumed>) = 1 [pid 2258] chdir("./file0" [pid 2257] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] <... chdir resumed>) = 0 [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2258] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2258] <... futex resumed>) = 0 [pid 2257] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2258] <... openat resumed>) = 3 [pid 2258] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2258] <... write resumed>) = 61 [pid 2257] <... mmap resumed>) = 0x7f697cdae000 [pid 2258] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2257] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2258] <... futex resumed>) = 0 [pid 2258] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... mprotect resumed>) = 0 [pid 2257] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2261 attached , parent_tid=[2261], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2261 [pid 2261] set_robust_list(0x7f697cdce9e0, 24 [pid 2257] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2261] <... set_robust_list resumed>) = 0 [pid 2257] <... futex resumed>) = 0 [pid 2261] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2257] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2261] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2261] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2261] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... futex resumed>) = 0 [pid 2257] exit_group(0) = ? [pid 2258] <... futex resumed>) = 231 [pid 2261] <... futex resumed>) = ? [pid 2258] +++ exited with 0 +++ [pid 2261] +++ exited with 0 +++ [pid 2257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2257, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./380/binderfs") = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2262 ./strace-static-x86_64: Process 2262 attached [pid 2262] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2262] chdir("./381") = 0 [pid 2262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2262] setpgid(0, 0) = 0 [pid 2262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2262] write(3, "1000", 4) = 4 [pid 2262] close(3) = 0 [pid 2262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2262] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2262] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2262] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2263], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2263 [pid 2262] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2263 attached [pid 2263] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2263] memfd_create("syzkaller", 0) = 3 [pid 2263] ftruncate(3, 2097152) = 0 [pid 2263] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2263] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2263] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2263] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2263] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2263] mkdir("./file0", 0777) = 0 [pid 2263] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2263] ioctl(4, LOOP_CLR_FD) = 0 [pid 2263] close(4) = 0 [pid 2263] close(3) = 0 [pid 2263] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2262] <... futex resumed>) = 0 [pid 2262] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] chdir("./file0") = 0 [pid 2263] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2262] <... futex resumed>) = 0 [pid 2262] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2263] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2262] <... futex resumed>) = 0 [pid 2262] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2262] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2262] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2266 attached , parent_tid=[2266], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2266 [pid 2266] set_robust_list(0x7f697cdce9e0, 24 [pid 2262] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2263] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2266] <... set_robust_list resumed>) = 0 [pid 2266] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2266] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2262] <... futex resumed>) = 0 [pid 2262] exit_group(0) = ? [pid 2266] +++ exited with 0 +++ [pid 2263] <... futex resumed>) = ? [pid 2263] +++ exited with 0 +++ [pid 2262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2262, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./381/binderfs") = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2267 ./strace-static-x86_64: Process 2267 attached [pid 2267] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2267] chdir("./382") = 0 [pid 2267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2267] setpgid(0, 0) = 0 [pid 2267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2267] write(3, "1000", 4) = 4 [pid 2267] close(3) = 0 [pid 2267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2267] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2267] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2267] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2268], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2268 [pid 2267] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2268 attached [pid 2268] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2268] memfd_create("syzkaller", 0) = 3 [pid 2268] ftruncate(3, 2097152) = 0 [pid 2268] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2268] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2268] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2268] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2268] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2268] mkdir("./file0", 0777) = 0 [pid 2268] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2268] ioctl(4, LOOP_CLR_FD) = 0 [pid 2268] close(4) = 0 [pid 2268] close(3) = 0 [pid 2268] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2267] <... futex resumed>) = 0 [pid 2267] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] chdir("./file0") = 0 [pid 2268] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2267] <... futex resumed>) = 0 [pid 2267] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2268] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... futex resumed>) = 0 [pid 2268] <... futex resumed>) = 1 [pid 2267] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2267] <... futex resumed>) = 0 [pid 2267] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2268] <... write resumed>) = 61 [pid 2267] <... futex resumed>) = 0 [pid 2268] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2268] <... futex resumed>) = 0 [pid 2268] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2267] <... mmap resumed>) = 0x7f697cdae000 [pid 2267] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2267] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2271 attached , parent_tid=[2271], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2271 [pid 2271] set_robust_list(0x7f697cdce9e0, 24 [pid 2267] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2271] <... set_robust_list resumed>) = 0 [pid 2267] <... futex resumed>) = 0 [pid 2271] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2267] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2271] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2271] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... futex resumed>) = 0 [pid 2271] <... futex resumed>) = 1 [pid 2267] exit_group(0) = ? [pid 2268] <... futex resumed>) = ? [pid 2271] +++ exited with 0 +++ [pid 2268] +++ exited with 0 +++ [pid 2267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2267, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./382/binderfs") = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2272 ./strace-static-x86_64: Process 2272 attached [pid 2272] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2272] chdir("./383") = 0 [pid 2272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2272] setpgid(0, 0) = 0 [pid 2272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2272] write(3, "1000", 4) = 4 [pid 2272] close(3) = 0 [pid 2272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2272] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2272] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2272] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2273], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2273 [pid 2272] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2273 attached [pid 2273] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2273] memfd_create("syzkaller", 0) = 3 [pid 2273] ftruncate(3, 2097152) = 0 [pid 2273] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2273] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2273] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2273] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2273] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2273] mkdir("./file0", 0777) = 0 [pid 2273] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2273] ioctl(4, LOOP_CLR_FD) = 0 [pid 2273] close(4) = 0 [pid 2273] close(3) = 0 [pid 2273] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2273] <... futex resumed>) = 1 [pid 2273] chdir("./file0") = 0 [pid 2273] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2273] <... futex resumed>) = 1 [pid 2273] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2273] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2272] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2272] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2276], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2276 [pid 2272] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2273] <... futex resumed>) = 1 [pid 2273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 ./strace-static-x86_64: Process 2276 attached [pid 2276] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2276] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2273] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2276] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2276] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] <... futex resumed>) = 0 [pid 2276] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2272] exit_group(0) = ? [pid 2276] <... futex resumed>) = 231 [pid 2276] +++ exited with 0 +++ [pid 2273] +++ exited with 0 +++ [pid 2272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2272, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./383/binderfs") = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2277 ./strace-static-x86_64: Process 2277 attached [pid 2277] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2277] chdir("./384") = 0 [pid 2277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2277] setpgid(0, 0) = 0 [pid 2277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2277] write(3, "1000", 4) = 4 [pid 2277] close(3) = 0 [pid 2277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2277] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2277] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2277] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2278], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2278 [pid 2277] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2278 attached [pid 2278] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2278] memfd_create("syzkaller", 0) = 3 [pid 2278] ftruncate(3, 2097152) = 0 [pid 2278] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2278] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2278] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2278] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2278] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2278] mkdir("./file0", 0777) = 0 [pid 2278] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2278] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2278] ioctl(4, LOOP_CLR_FD) = 0 [pid 2278] close(4) = 0 [pid 2278] close(3) = 0 [pid 2278] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2278] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2277] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2277] <... futex resumed>) = 0 [pid 2278] chdir("./file0" [pid 2277] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2278] <... chdir resumed>) = 0 [pid 2278] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2278] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2277] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2277] <... futex resumed>) = 0 [pid 2278] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2277] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2278] <... openat resumed>) = 3 [pid 2278] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2278] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2277] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2277] <... futex resumed>) = 0 [pid 2278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2277] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2278] <... write resumed>) = 61 [pid 2277] <... mmap resumed>) = 0x7f697cdae000 [pid 2278] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2277] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2278] <... futex resumed>) = 0 [pid 2278] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2277] <... mprotect resumed>) = 0 [pid 2277] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2281 attached , parent_tid=[2281], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2281 [pid 2277] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2281] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2281] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2281] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2281] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2277] exit_group(0) = ? [pid 2278] <... futex resumed>) = ? [pid 2278] +++ exited with 0 +++ [pid 2281] <... futex resumed>) = ? [pid 2281] +++ exited with 0 +++ [pid 2277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2277, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./384/binderfs") = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2282 ./strace-static-x86_64: Process 2282 attached [pid 2282] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2282] chdir("./385") = 0 [pid 2282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2282] setpgid(0, 0) = 0 [pid 2282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2282] write(3, "1000", 4) = 4 [pid 2282] close(3) = 0 [pid 2282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2282] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2282] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2282] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2283], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2283 [pid 2282] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2283 attached [pid 2283] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2283] memfd_create("syzkaller", 0) = 3 [pid 2283] ftruncate(3, 2097152) = 0 [pid 2283] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2283] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2283] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2283] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2283] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2283] mkdir("./file0", 0777) = 0 [pid 2283] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2283] ioctl(4, LOOP_CLR_FD) = 0 [pid 2283] close(4) = 0 [pid 2283] close(3) = 0 [pid 2283] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... futex resumed>) = 0 [pid 2283] <... futex resumed>) = 1 [pid 2283] chdir("./file0" [pid 2282] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2283] <... chdir resumed>) = 0 [pid 2283] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... futex resumed>) = 0 [pid 2283] <... futex resumed>) = 1 [pid 2282] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2283] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2282] <... futex resumed>) = 0 [pid 2282] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2283] <... openat resumed>) = 3 [pid 2283] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2282] <... futex resumed>) = 0 [pid 2283] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2282] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2282] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2282] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2286], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2286 [pid 2282] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2286 attached [pid 2286] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2286] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2286] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2283] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2286] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2283] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2286] <... futex resumed>) = 1 [pid 2283] <... futex resumed>) = 0 [pid 2282] <... futex resumed>) = 0 [pid 2282] exit_group(0) = ? [pid 2283] +++ exited with 0 +++ [pid 2286] +++ exited with 0 +++ [pid 2282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2282, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./385/binderfs") = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2287 ./strace-static-x86_64: Process 2287 attached [pid 2287] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2287] chdir("./386") = 0 [pid 2287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2287] setpgid(0, 0) = 0 [pid 2287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2287] write(3, "1000", 4) = 4 [pid 2287] close(3) = 0 [pid 2287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2287] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2287] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2287] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2288], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2288 [pid 2287] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2288 attached [pid 2288] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2288] memfd_create("syzkaller", 0) = 3 [pid 2288] ftruncate(3, 2097152) = 0 [pid 2288] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2288] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2288] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2288] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2288] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2288] mkdir("./file0", 0777) = 0 [pid 2288] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2288] ioctl(4, LOOP_CLR_FD) = 0 [pid 2288] close(4) = 0 [pid 2288] close(3) = 0 [pid 2288] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] chdir("./file0") = 0 [pid 2288] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2288] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2287] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2287] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2291], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2291 [pid 2287] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2291 attached [pid 2287] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2291] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2291] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2291] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2287] <... futex resumed>) = 0 [pid 2291] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2288] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2288] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2287] exit_group(0) = ? [pid 2291] <... futex resumed>) = 231 [pid 2291] +++ exited with 0 +++ [pid 2288] <... futex resumed>) = ? [pid 2288] +++ exited with 0 +++ [pid 2287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2287, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./386/binderfs") = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2292 ./strace-static-x86_64: Process 2292 attached [pid 2292] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2292] chdir("./387") = 0 [pid 2292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2292] setpgid(0, 0) = 0 [pid 2292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2292] write(3, "1000", 4) = 4 [pid 2292] close(3) = 0 [pid 2292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2292] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2292] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2292] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2293], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2293 [pid 2292] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2293 attached [pid 2293] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2293] memfd_create("syzkaller", 0) = 3 [pid 2293] ftruncate(3, 2097152) = 0 [pid 2293] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2293] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2293] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2293] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2293] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2293] mkdir("./file0", 0777) = 0 [pid 2293] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2293] ioctl(4, LOOP_CLR_FD) = 0 [pid 2293] close(4) = 0 [pid 2293] close(3) = 0 [pid 2293] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... futex resumed>) = 1 [pid 2293] chdir("./file0") = 0 [pid 2293] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... futex resumed>) = 1 [pid 2293] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2293] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2292] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2292] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2296], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2296 [pid 2292] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... futex resumed>) = 1 [pid 2293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2293] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2296 attached [pid 2296] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2296] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2296] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] exit_group(0 [pid 2293] <... futex resumed>) = ? [pid 2292] <... exit_group resumed>) = ? [pid 2293] +++ exited with 0 +++ [pid 2296] <... futex resumed>) = ? [pid 2296] +++ exited with 0 +++ [pid 2292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2292, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./387/binderfs") = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2297 ./strace-static-x86_64: Process 2297 attached [pid 2297] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2297] chdir("./388") = 0 [pid 2297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2297] setpgid(0, 0) = 0 [pid 2297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2297] write(3, "1000", 4) = 4 [pid 2297] close(3) = 0 [pid 2297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2297] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2297] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2297] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2298], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2298 [pid 2297] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2298 attached [pid 2298] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2298] memfd_create("syzkaller", 0) = 3 [pid 2298] ftruncate(3, 2097152) = 0 [pid 2298] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2298] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2298] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2298] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2298] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2298] mkdir("./file0", 0777) = 0 [pid 2298] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2298] ioctl(4, LOOP_CLR_FD) = 0 [pid 2298] close(4) = 0 [pid 2298] close(3) = 0 [pid 2298] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] <... futex resumed>) = 0 [pid 2297] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... futex resumed>) = 1 [pid 2298] chdir("./file0") = 0 [pid 2298] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] <... futex resumed>) = 0 [pid 2297] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... futex resumed>) = 1 [pid 2298] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2298] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] <... futex resumed>) = 0 [pid 2297] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2297] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2297] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2301], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2301 [pid 2297] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... futex resumed>) = 1 [pid 2298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2298] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2298] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2301 attached [pid 2301] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2301] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2301] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] <... futex resumed>) = 0 [pid 2297] exit_group(0 [pid 2298] <... futex resumed>) = ? [pid 2297] <... exit_group resumed>) = ? [pid 2298] +++ exited with 0 +++ [pid 2301] <... futex resumed>) = ? [pid 2301] +++ exited with 0 +++ [pid 2297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2297, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./388/binderfs") = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2302 ./strace-static-x86_64: Process 2302 attached [pid 2302] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2302] chdir("./389") = 0 [pid 2302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2302] setpgid(0, 0) = 0 [pid 2302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2302] write(3, "1000", 4) = 4 [pid 2302] close(3) = 0 [pid 2302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2302] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2302] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2302] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2303], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2303 [pid 2302] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2303 attached [pid 2303] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2303] memfd_create("syzkaller", 0) = 3 [pid 2303] ftruncate(3, 2097152) = 0 [pid 2303] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2303] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2303] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2303] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2303] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2303] mkdir("./file0", 0777) = 0 [pid 2303] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2303] ioctl(4, LOOP_CLR_FD) = 0 [pid 2303] close(4) = 0 [pid 2303] close(3) = 0 [pid 2303] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2302] <... futex resumed>) = 0 [pid 2303] <... futex resumed>) = 1 [pid 2302] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] chdir("./file0" [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] <... chdir resumed>) = 0 [pid 2303] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] <... openat resumed>) = 3 [pid 2303] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2303] <... write resumed>) = 61 [pid 2302] <... mmap resumed>) = 0x7f697cdae000 [pid 2303] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2302] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2303] <... futex resumed>) = 0 [pid 2302] <... mprotect resumed>) = 0 [pid 2303] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2302] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2306], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2306 [pid 2302] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2306 attached [pid 2306] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2306] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2306] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] <... futex resumed>) = 0 [pid 2302] exit_group(0 [pid 2303] <... futex resumed>) = ? [pid 2302] <... exit_group resumed>) = ? [pid 2306] +++ exited with 0 +++ [pid 2303] +++ exited with 0 +++ [pid 2302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./389/binderfs") = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2307 attached , child_tidptr=0x555555cf25d0) = 2307 [pid 2307] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2307] chdir("./390") = 0 [pid 2307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2307] setpgid(0, 0) = 0 [pid 2307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2307] write(3, "1000", 4) = 4 [pid 2307] close(3) = 0 [pid 2307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2307] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2307] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2307] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2308], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2308 ./strace-static-x86_64: Process 2308 attached [pid 2308] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2308] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2307] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2308] <... futex resumed>) = 0 [pid 2307] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2308] memfd_create("syzkaller", 0) = 3 [pid 2308] ftruncate(3, 2097152) = 0 [pid 2308] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2308] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2308] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2308] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2308] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2308] mkdir("./file0", 0777) = 0 [pid 2308] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2308] ioctl(4, LOOP_CLR_FD) = 0 [pid 2308] close(4) = 0 [pid 2308] close(3) = 0 [pid 2308] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2307] <... futex resumed>) = 0 [pid 2307] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] chdir("./file0") = 0 [pid 2308] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2307] <... futex resumed>) = 0 [pid 2307] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2308] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2307] <... futex resumed>) = 0 [pid 2307] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2307] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2307] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2311], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2311 [pid 2308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2307] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2311 attached [pid 2311] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2311] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2308] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2308] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2308] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2311] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2311] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2307] <... futex resumed>) = 0 [pid 2307] exit_group(0) = ? [pid 2308] <... futex resumed>) = ? [pid 2308] +++ exited with 0 +++ [pid 2311] <... futex resumed>) = ? [pid 2311] +++ exited with 0 +++ [pid 2307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./390/binderfs") = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2312 ./strace-static-x86_64: Process 2312 attached [pid 2312] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2312] chdir("./391") = 0 [pid 2312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2312] setpgid(0, 0) = 0 [pid 2312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2312] write(3, "1000", 4) = 4 [pid 2312] close(3) = 0 [pid 2312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2312] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2312] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2312] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2313], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2313 ./strace-static-x86_64: Process 2313 attached [pid 2312] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2313] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2312] <... futex resumed>) = 0 [pid 2313] memfd_create("syzkaller", 0 [pid 2312] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2313] <... memfd_create resumed>) = 3 [pid 2313] ftruncate(3, 2097152) = 0 [pid 2313] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2313] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2313] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2313] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2313] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2313] mkdir("./file0", 0777) = 0 [pid 2313] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2313] ioctl(4, LOOP_CLR_FD) = 0 [pid 2313] close(4) = 0 [pid 2313] close(3) = 0 [pid 2313] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2313] chdir("./file0" [pid 2312] <... futex resumed>) = 0 [pid 2313] <... chdir resumed>) = 0 [pid 2313] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] <... futex resumed>) = 0 [pid 2312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2313] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2312] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2313] <... openat resumed>) = 3 [pid 2312] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2313] <... futex resumed>) = 0 [pid 2313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2312] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2313] <... write resumed>) = 61 [pid 2313] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2313] <... futex resumed>) = 0 [pid 2312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2313] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2312] <... mmap resumed>) = 0x7f697cdae000 [pid 2312] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2312] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2316], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2316 [pid 2312] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2316 attached [pid 2316] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2316] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2316] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2316] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2312] <... futex resumed>) = 0 [pid 2312] exit_group(0 [pid 2313] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 2312] <... exit_group resumed>) = ? [pid 2313] +++ exited with 0 +++ [pid 2316] <... futex resumed>) = ? [pid 2316] +++ exited with 0 +++ [pid 2312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./391/binderfs") = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2317 ./strace-static-x86_64: Process 2317 attached [pid 2317] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2317] chdir("./392") = 0 [pid 2317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2317] setpgid(0, 0) = 0 [pid 2317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2317] write(3, "1000", 4) = 4 [pid 2317] close(3) = 0 [pid 2317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2317] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2317] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2317] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2318], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2318 [pid 2317] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2318 attached [pid 2318] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2318] memfd_create("syzkaller", 0) = 3 [pid 2318] ftruncate(3, 2097152) = 0 [pid 2318] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2318] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2318] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2318] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2318] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2318] mkdir("./file0", 0777) = 0 [pid 2318] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2318] ioctl(4, LOOP_CLR_FD) = 0 [pid 2318] close(4) = 0 [pid 2318] close(3) = 0 [pid 2318] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 0 [pid 2318] <... futex resumed>) = 1 [pid 2317] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] chdir("./file0" [pid 2317] <... futex resumed>) = 0 [pid 2318] <... chdir resumed>) = 0 [pid 2317] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2318] <... futex resumed>) = 0 [pid 2317] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2317] <... futex resumed>) = 0 [pid 2317] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... openat resumed>) = 3 [pid 2318] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 0 [pid 2318] <... futex resumed>) = 1 [pid 2317] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2317] <... futex resumed>) = 0 [pid 2317] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2318] <... write resumed>) = 61 [pid 2317] <... mmap resumed>) = 0x7f697cdae000 [pid 2318] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2318] <... futex resumed>) = 0 [pid 2317] <... mprotect resumed>) = 0 [pid 2318] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2321 attached , parent_tid=[2321], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2321 [pid 2321] set_robust_list(0x7f697cdce9e0, 24 [pid 2317] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... set_robust_list resumed>) = 0 [pid 2317] <... futex resumed>) = 0 [pid 2321] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2317] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2321] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2321] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 0 [pid 2321] <... futex resumed>) = 1 [pid 2317] exit_group(0 [pid 2321] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2318] <... futex resumed>) = ? [pid 2317] <... exit_group resumed>) = ? [pid 2321] <... futex resumed>) = ? [pid 2318] +++ exited with 0 +++ [pid 2321] +++ exited with 0 +++ [pid 2317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2317, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./392/binderfs") = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2322 ./strace-static-x86_64: Process 2322 attached [pid 2322] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2322] chdir("./393") = 0 [pid 2322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2322] setpgid(0, 0) = 0 [pid 2322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2322] write(3, "1000", 4) = 4 [pid 2322] close(3) = 0 [pid 2322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2322] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2322] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2322] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2323], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2323 [pid 2322] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2322] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2323 attached [pid 2323] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2323] memfd_create("syzkaller", 0) = 3 [pid 2323] ftruncate(3, 2097152) = 0 [pid 2323] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2323] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2323] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2323] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2323] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2323] mkdir("./file0", 0777) = 0 [pid 2323] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2323] ioctl(4, LOOP_CLR_FD) = 0 [pid 2323] close(4) = 0 [pid 2323] close(3) = 0 [pid 2323] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... futex resumed>) = 0 [pid 2323] <... futex resumed>) = 1 [pid 2322] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] chdir("./file0" [pid 2322] <... futex resumed>) = 0 [pid 2323] <... chdir resumed>) = 0 [pid 2322] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2323] <... futex resumed>) = 0 [pid 2322] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2322] <... futex resumed>) = 0 [pid 2322] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] <... openat resumed>) = 3 [pid 2323] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... futex resumed>) = 0 [pid 2323] <... futex resumed>) = 1 [pid 2322] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2322] <... futex resumed>) = 0 [pid 2322] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2323] <... write resumed>) = 61 [pid 2322] <... mmap resumed>) = 0x7f697cdae000 [pid 2323] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2323] <... futex resumed>) = 0 [pid 2322] <... mprotect resumed>) = 0 [pid 2323] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2326], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2326 [pid 2322] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2322] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2326 attached [pid 2326] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2326] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2326] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... futex resumed>) = 0 [pid 2322] exit_group(0) = ? [pid 2323] <... futex resumed>) = ? [pid 2323] +++ exited with 0 +++ [pid 2326] <... futex resumed>) = ? [pid 2326] +++ exited with 0 +++ [pid 2322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2322, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./393/binderfs") = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2327 ./strace-static-x86_64: Process 2327 attached [pid 2327] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2327] chdir("./394") = 0 [pid 2327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2327] setpgid(0, 0) = 0 [pid 2327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2327] write(3, "1000", 4) = 4 [pid 2327] close(3) = 0 [pid 2327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2327] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2327] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2327] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2328], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2328 [pid 2327] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2328 attached [pid 2328] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2328] memfd_create("syzkaller", 0) = 3 [pid 2328] ftruncate(3, 2097152) = 0 [pid 2328] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2328] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2328] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2328] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2328] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2328] mkdir("./file0", 0777) = 0 [pid 2328] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2328] ioctl(4, LOOP_CLR_FD) = 0 [pid 2328] close(4) = 0 [pid 2328] close(3) = 0 [pid 2328] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2327] <... futex resumed>) = 0 [pid 2327] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2328] chdir("./file0") = 0 [pid 2328] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2327] <... futex resumed>) = 0 [pid 2327] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2328] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2328] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2327] <... futex resumed>) = 0 [pid 2327] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2327] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2327] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2331], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2331 [pid 2328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2327] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2328] <... write resumed>) = 61 [pid 2327] <... futex resumed>) = 0 [pid 2328] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2327] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2328] <... futex resumed>) = 0 [pid 2328] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2331 attached [pid 2331] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2331] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2331] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2327] <... futex resumed>) = 0 [pid 2327] exit_group(0 [pid 2328] <... futex resumed>) = ? [pid 2327] <... exit_group resumed>) = ? [pid 2328] +++ exited with 0 +++ [pid 2331] <... futex resumed>) = ? [pid 2331] +++ exited with 0 +++ [pid 2327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./394/binderfs") = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2332 ./strace-static-x86_64: Process 2332 attached [pid 2332] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2332] chdir("./395") = 0 [pid 2332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2332] setpgid(0, 0) = 0 [pid 2332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2332] write(3, "1000", 4) = 4 [pid 2332] close(3) = 0 [pid 2332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2332] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2332] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2332] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2333], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2333 [pid 2332] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2333 attached [pid 2333] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2333] memfd_create("syzkaller", 0) = 3 [pid 2333] ftruncate(3, 2097152) = 0 [pid 2333] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2333] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2333] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2333] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2333] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2333] mkdir("./file0", 0777) = 0 [pid 2333] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2333] ioctl(4, LOOP_CLR_FD) = 0 [pid 2333] close(4) = 0 [pid 2333] close(3) = 0 [pid 2333] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] <... futex resumed>) = 1 [pid 2333] chdir("./file0") = 0 [pid 2333] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] <... futex resumed>) = 0 [pid 2333] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2332] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] <... openat resumed>) = 3 [pid 2333] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2332] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2332] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2333] <... futex resumed>) = 1 [pid 2333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 2336 attached ) = 61 [pid 2336] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2332] <... clone resumed>, parent_tid=[2336], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2336 [pid 2336] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2332] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2333] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2336] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2336] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = 0 [pid 2332] exit_group(0) = ? [pid 2333] <... futex resumed>) = ? [pid 2333] +++ exited with 0 +++ [pid 2336] <... futex resumed>) = ? [pid 2336] +++ exited with 0 +++ [pid 2332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./395/binderfs") = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2337 ./strace-static-x86_64: Process 2337 attached [pid 2337] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2337] chdir("./396") = 0 [pid 2337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2337] setpgid(0, 0) = 0 [pid 2337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2337] write(3, "1000", 4) = 4 [pid 2337] close(3) = 0 [pid 2337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2337] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2337] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2337] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2338], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2338 [pid 2337] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2338 attached [pid 2338] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2338] memfd_create("syzkaller", 0) = 3 [pid 2338] ftruncate(3, 2097152) = 0 [pid 2338] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2338] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2338] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2338] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2338] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2338] mkdir("./file0", 0777) = 0 [pid 2338] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2338] ioctl(4, LOOP_CLR_FD) = 0 [pid 2338] close(4) = 0 [pid 2338] close(3) = 0 [pid 2338] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2338] chdir("./file0" [pid 2337] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... chdir resumed>) = 0 [pid 2337] <... futex resumed>) = 0 [pid 2338] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2337] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2338] <... futex resumed>) = 0 [pid 2337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2338] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2337] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2337] <... futex resumed>) = 0 [pid 2338] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2337] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2338] <... openat resumed>) = 3 [pid 2338] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2338] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2337] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2337] <... futex resumed>) = 0 [pid 2338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2337] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... write resumed>) = 61 [pid 2337] <... futex resumed>) = 0 [pid 2338] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2338] <... futex resumed>) = 0 [pid 2337] <... mmap resumed>) = 0x7f697cdae000 [pid 2338] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2337] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2337] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2341 attached [pid 2341] set_robust_list(0x7f697cdce9e0, 24 [pid 2337] <... clone resumed>, parent_tid=[2341], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2341 [pid 2341] <... set_robust_list resumed>) = 0 [pid 2337] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2341] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2337] <... futex resumed>) = 0 [pid 2337] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2341] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2341] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2341] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2337] exit_group(0) = ? [pid 2341] <... futex resumed>) = ? [pid 2338] <... futex resumed>) = ? [pid 2338] +++ exited with 0 +++ [pid 2341] +++ exited with 0 +++ [pid 2337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./396/binderfs") = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2342 ./strace-static-x86_64: Process 2342 attached [pid 2342] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2342] chdir("./397") = 0 [pid 2342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2342] setpgid(0, 0) = 0 [pid 2342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2342] write(3, "1000", 4) = 4 [pid 2342] close(3) = 0 [pid 2342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2342] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2342] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2342] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2343], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2343 [pid 2342] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2343 attached [pid 2343] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2343] memfd_create("syzkaller", 0) = 3 [pid 2343] ftruncate(3, 2097152) = 0 [pid 2343] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2343] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2343] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2343] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2343] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2343] mkdir("./file0", 0777) = 0 [pid 2343] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2343] ioctl(4, LOOP_CLR_FD) = 0 [pid 2343] close(4) = 0 [pid 2343] close(3) = 0 [pid 2343] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2343] chdir("./file0") = 0 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 1 [pid 2343] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2343] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2342] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2342] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2346], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2346 [pid 2342] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 1 [pid 2343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2343] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2343] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2346 attached [pid 2346] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2346] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2346] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2342] <... futex resumed>) = 0 [pid 2342] exit_group(0) = ? [pid 2343] <... futex resumed>) = ? [pid 2343] +++ exited with 0 +++ [pid 2346] +++ exited with 0 +++ [pid 2342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2342, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./397/binderfs") = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2347 ./strace-static-x86_64: Process 2347 attached [pid 2347] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2347] chdir("./398") = 0 [pid 2347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2347] setpgid(0, 0) = 0 [pid 2347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2347] write(3, "1000", 4) = 4 [pid 2347] close(3) = 0 [pid 2347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2347] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2347] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2347] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2348], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2348 [pid 2347] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2348 attached [pid 2348] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2348] memfd_create("syzkaller", 0) = 3 [pid 2348] ftruncate(3, 2097152) = 0 [pid 2348] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2348] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2348] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2348] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2348] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2348] mkdir("./file0", 0777) = 0 [pid 2348] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2348] ioctl(4, LOOP_CLR_FD) = 0 [pid 2348] close(4) = 0 [pid 2348] close(3) = 0 [pid 2348] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2347] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] chdir("./file0") = 0 [pid 2348] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2347] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2348] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2347] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2347] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2347] <... mprotect resumed>) = 0 [pid 2347] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2348] <... write resumed>) = 61 [pid 2348] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2351 attached ) = 0 [pid 2348] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2351] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2351] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2347] <... clone resumed>, parent_tid=[2351], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2351 [pid 2347] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2351] <... futex resumed>) = 0 [pid 2351] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2351] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2347] <... futex resumed>) = 0 [pid 2347] exit_group(0 [pid 2348] <... futex resumed>) = ? [pid 2347] <... exit_group resumed>) = ? [pid 2348] +++ exited with 0 +++ [pid 2351] <... futex resumed>) = ? [pid 2351] +++ exited with 0 +++ [pid 2347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2347, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./398/binderfs") = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2352 ./strace-static-x86_64: Process 2352 attached [pid 2352] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2352] chdir("./399") = 0 [pid 2352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2352] setpgid(0, 0) = 0 [pid 2352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2352] write(3, "1000", 4) = 4 [pid 2352] close(3) = 0 [pid 2352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2352] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2352] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2352] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2353 attached , parent_tid=[2353], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2353 [pid 2352] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2353] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2353] memfd_create("syzkaller", 0) = 3 [pid 2353] ftruncate(3, 2097152) = 0 [pid 2353] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2353] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2353] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2353] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2353] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2353] mkdir("./file0", 0777) = 0 [pid 2353] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2353] ioctl(4, LOOP_CLR_FD) = 0 [pid 2353] close(4) = 0 [pid 2353] close(3) = 0 [pid 2353] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2353] chdir("./file0") = 0 [pid 2353] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2353] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2353] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2352] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2352] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2356 attached , parent_tid=[2356], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2356 [pid 2352] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2356] set_robust_list(0x7f697cdce9e0, 24 [pid 2352] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2353] <... futex resumed>) = 1 [pid 2353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2353] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2353] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2356] <... set_robust_list resumed>) = 0 [pid 2356] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2356] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 2352] exit_group(0) = ? [pid 2353] <... futex resumed>) = ? [pid 2356] <... futex resumed>) = ? [pid 2353] +++ exited with 0 +++ [pid 2356] +++ exited with 0 +++ [pid 2352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./399/binderfs") = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2357 ./strace-static-x86_64: Process 2357 attached [pid 2357] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2357] chdir("./400") = 0 [pid 2357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2357] setpgid(0, 0) = 0 [pid 2357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2357] write(3, "1000", 4) = 4 [pid 2357] close(3) = 0 [pid 2357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2357] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2357] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2357] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2358], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2358 [pid 2357] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2358 attached [pid 2358] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2358] memfd_create("syzkaller", 0) = 3 [pid 2358] ftruncate(3, 2097152) = 0 [pid 2358] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2358] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2358] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2358] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2358] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2358] mkdir("./file0", 0777) = 0 [pid 2358] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2358] ioctl(4, LOOP_CLR_FD) = 0 [pid 2358] close(4) = 0 [pid 2358] close(3) = 0 [pid 2358] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... futex resumed>) = 1 [pid 2358] chdir("./file0") = 0 [pid 2358] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... futex resumed>) = 1 [pid 2358] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2358] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2358] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2358] <... futex resumed>) = 0 [pid 2357] <... futex resumed>) = 1 [pid 2358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2357] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2358] <... write resumed>) = 61 [pid 2357] <... futex resumed>) = 0 [pid 2358] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2358] <... futex resumed>) = 0 [pid 2357] <... mmap resumed>) = 0x7f697cdae000 [pid 2358] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2357] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2357] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2361 attached [pid 2361] set_robust_list(0x7f697cdce9e0, 24 [pid 2357] <... clone resumed>, parent_tid=[2361], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2361 [pid 2357] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2361] <... set_robust_list resumed>) = 0 [pid 2361] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2361] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] <... futex resumed>) = 0 [pid 2357] exit_group(0 [pid 2358] <... futex resumed>) = ? [pid 2357] <... exit_group resumed>) = ? [pid 2358] +++ exited with 0 +++ [pid 2361] <... futex resumed>) = ? [pid 2361] +++ exited with 0 +++ [pid 2357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2357, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./400/binderfs") = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./400/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2362 ./strace-static-x86_64: Process 2362 attached [pid 2362] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2362] chdir("./401") = 0 [pid 2362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2362] setpgid(0, 0) = 0 [pid 2362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2362] write(3, "1000", 4) = 4 [pid 2362] close(3) = 0 [pid 2362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2362] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2362] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2362] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2363], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2363 [pid 2362] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2363 attached [pid 2363] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2363] memfd_create("syzkaller", 0) = 3 [pid 2363] ftruncate(3, 2097152) = 0 [pid 2363] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2363] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2363] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2363] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2363] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2363] mkdir("./file0", 0777) = 0 [pid 2363] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2363] ioctl(4, LOOP_CLR_FD) = 0 [pid 2363] close(4) = 0 [pid 2363] close(3) = 0 [pid 2363] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2363] chdir("./file0" [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2363] <... chdir resumed>) = 0 [pid 2363] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2363] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] <... futex resumed>) = 0 [pid 2363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2362] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2363] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2363] <... openat resumed>) = 3 [pid 2363] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] <... futex resumed>) = 0 [pid 2363] <... futex resumed>) = 1 [pid 2362] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2363] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2363] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] <... futex resumed>) = 0 [pid 2363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2362] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2363] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2363] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2363] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2363] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] exit_group(0 [pid 2363] <... futex resumed>) = ? [pid 2362] <... exit_group resumed>) = ? [pid 2363] +++ exited with 0 +++ [pid 2362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./401/binderfs") = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2366 ./strace-static-x86_64: Process 2366 attached [pid 2366] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2366] chdir("./402") = 0 [pid 2366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2366] setpgid(0, 0) = 0 [pid 2366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2366] write(3, "1000", 4) = 4 [pid 2366] close(3) = 0 [pid 2366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2366] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2366] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2366] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2367 attached , parent_tid=[2367], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2367 [pid 2367] set_robust_list(0x7f697cdef9e0, 24 [pid 2366] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] <... set_robust_list resumed>) = 0 [pid 2366] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2367] memfd_create("syzkaller", 0) = 3 [pid 2367] ftruncate(3, 2097152) = 0 [pid 2367] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2367] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2367] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2367] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2367] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2367] mkdir("./file0", 0777) = 0 [pid 2367] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2367] ioctl(4, LOOP_CLR_FD) = 0 [pid 2367] close(4) = 0 [pid 2367] close(3) = 0 [pid 2367] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2366] <... futex resumed>) = 0 [pid 2366] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] chdir("./file0" [pid 2366] <... futex resumed>) = 0 [pid 2366] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2367] <... chdir resumed>) = 0 [pid 2367] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2366] <... futex resumed>) = 0 [pid 2367] <... futex resumed>) = 1 [pid 2366] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2366] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2367] <... openat resumed>) = 3 [pid 2367] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2366] <... futex resumed>) = 0 [pid 2367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2366] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] <... write resumed>) = 61 [pid 2366] <... futex resumed>) = 0 [pid 2367] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2366] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] <... futex resumed>) = 0 [pid 2366] <... futex resumed>) = 0 [pid 2367] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2366] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2366] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2370], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2370 [pid 2366] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2370 attached [pid 2366] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2370] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2370] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2370] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2366] <... futex resumed>) = 0 [pid 2366] exit_group(0) = ? [pid 2367] <... futex resumed>) = ? [pid 2370] +++ exited with 0 +++ [pid 2367] +++ exited with 0 +++ [pid 2366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./402/binderfs") = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2371 ./strace-static-x86_64: Process 2371 attached [pid 2371] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2371] chdir("./403") = 0 [pid 2371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2371] setpgid(0, 0) = 0 [pid 2371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2371] write(3, "1000", 4) = 4 [pid 2371] close(3) = 0 [pid 2371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2371] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2371] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2371] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2372], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2372 [pid 2371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2372 attached [pid 2372] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2372] memfd_create("syzkaller", 0) = 3 [pid 2372] ftruncate(3, 2097152) = 0 [pid 2372] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2372] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2372] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2372] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2372] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2372] mkdir("./file0", 0777) = 0 [pid 2372] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2372] ioctl(4, LOOP_CLR_FD) = 0 [pid 2372] close(4) = 0 [pid 2372] close(3) = 0 [pid 2372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2371] <... futex resumed>) = 0 [pid 2372] <... futex resumed>) = 1 [pid 2371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2372] chdir("./file0") = 0 [pid 2372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2371] <... futex resumed>) = 0 [pid 2372] <... futex resumed>) = 1 [pid 2371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2372] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2371] <... futex resumed>) = 0 [pid 2371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2371] <... futex resumed>) = 0 [pid 2371] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2372] <... write resumed>) = 61 [pid 2371] <... mmap resumed>) = 0x7f697cdae000 [pid 2371] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2371] <... mprotect resumed>) = 0 [pid 2372] <... futex resumed>) = 0 [pid 2371] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2372] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2371] <... clone resumed>, parent_tid=[2375], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2375 [pid 2371] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2375 attached [pid 2375] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2375] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2375] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2371] <... futex resumed>) = 0 [pid 2371] exit_group(0) = ? [pid 2372] <... futex resumed>) = ? [pid 2372] +++ exited with 0 +++ [pid 2375] <... futex resumed>) = ? [pid 2375] +++ exited with 0 +++ [pid 2371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2371, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./403/binderfs") = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./403/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2376 ./strace-static-x86_64: Process 2376 attached [pid 2376] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2376] chdir("./404") = 0 [pid 2376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2376] setpgid(0, 0) = 0 [pid 2376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2376] write(3, "1000", 4) = 4 [pid 2376] close(3) = 0 [pid 2376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2376] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2376] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2376] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2377], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2377 [pid 2376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2377 attached [pid 2377] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2377] memfd_create("syzkaller", 0) = 3 [pid 2377] ftruncate(3, 2097152) = 0 [pid 2377] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2377] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2377] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2377] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2377] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2377] mkdir("./file0", 0777) = 0 [pid 2377] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2377] ioctl(4, LOOP_CLR_FD) = 0 [pid 2377] close(4) = 0 [pid 2377] close(3) = 0 [pid 2377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... futex resumed>) = 0 [pid 2376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] <... futex resumed>) = 1 [pid 2377] chdir("./file0") = 0 [pid 2377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... futex resumed>) = 0 [pid 2376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] <... futex resumed>) = 1 [pid 2377] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... futex resumed>) = 0 [pid 2376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2376] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2376] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2380], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2380 [pid 2376] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] <... futex resumed>) = 1 [pid 2377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2380 attached [pid 2380] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2380] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2380] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... futex resumed>) = 0 [pid 2376] exit_group(0 [pid 2377] <... futex resumed>) = ? [pid 2376] <... exit_group resumed>) = ? [pid 2377] +++ exited with 0 +++ [pid 2380] <... futex resumed>) = ? [pid 2380] +++ exited with 0 +++ [pid 2376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./404/binderfs") = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2381 ./strace-static-x86_64: Process 2381 attached [pid 2381] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2381] chdir("./405") = 0 [pid 2381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2381] setpgid(0, 0) = 0 [pid 2381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2381] write(3, "1000", 4) = 4 [pid 2381] close(3) = 0 [pid 2381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2381] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2381] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2381] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2382], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2382 [pid 2381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2382 attached [pid 2382] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2382] memfd_create("syzkaller", 0) = 3 [pid 2382] ftruncate(3, 2097152) = 0 [pid 2382] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2382] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2382] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2382] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2382] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2382] mkdir("./file0", 0777) = 0 [pid 2382] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2382] ioctl(4, LOOP_CLR_FD) = 0 [pid 2382] close(4) = 0 [pid 2382] close(3) = 0 [pid 2382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2382] <... futex resumed>) = 1 [pid 2382] chdir("./file0") = 0 [pid 2382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2382] <... futex resumed>) = 1 [pid 2382] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2381] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2381] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2385], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2385 [pid 2381] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2382] <... futex resumed>) = 1 [pid 2382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2385 attached [pid 2385] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2385] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2385] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] exit_group(0) = ? [pid 2382] <... futex resumed>) = ? [pid 2382] +++ exited with 0 +++ [pid 2385] <... futex resumed>) = ? [pid 2385] +++ exited with 0 +++ [pid 2381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2381, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./405/binderfs") = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2386 ./strace-static-x86_64: Process 2386 attached [pid 2386] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2386] chdir("./406") = 0 [pid 2386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2386] setpgid(0, 0) = 0 [pid 2386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2386] write(3, "1000", 4) = 4 [pid 2386] close(3) = 0 [pid 2386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2386] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2386] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2386] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2387], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2387 [pid 2386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2387 attached [pid 2387] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2387] memfd_create("syzkaller", 0) = 3 [pid 2387] ftruncate(3, 2097152) = 0 [pid 2387] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2387] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2387] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2387] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2387] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2387] mkdir("./file0", 0777) = 0 [pid 2387] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2387] ioctl(4, LOOP_CLR_FD) = 0 [pid 2387] close(4) = 0 [pid 2387] close(3) = 0 [pid 2387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2387] chdir("./file0") = 0 [pid 2387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2387] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2386] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2386] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2390], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2390 [pid 2386] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2387] <... futex resumed>) = 1 [pid 2387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2390 attached [pid 2390] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2390] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2390] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2386] <... futex resumed>) = 0 [pid 2386] exit_group(0) = ? [pid 2387] <... futex resumed>) = ? [pid 2387] +++ exited with 0 +++ [pid 2390] <... futex resumed>) = ? [pid 2390] +++ exited with 0 +++ [pid 2386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2386, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./406/binderfs") = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2391 ./strace-static-x86_64: Process 2391 attached [pid 2391] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2391] chdir("./407") = 0 [pid 2391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2391] setpgid(0, 0) = 0 [pid 2391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2391] write(3, "1000", 4) = 4 [pid 2391] close(3) = 0 [pid 2391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2391] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2391] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2391] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2392], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2392 [pid 2391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2392 attached [pid 2392] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2392] memfd_create("syzkaller", 0) = 3 [pid 2392] ftruncate(3, 2097152) = 0 [pid 2392] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2392] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2392] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2392] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2392] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2392] mkdir("./file0", 0777) = 0 [pid 2392] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2392] ioctl(4, LOOP_CLR_FD) = 0 [pid 2392] close(4) = 0 [pid 2392] close(3) = 0 [pid 2392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2391] <... futex resumed>) = 0 [pid 2391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2392] chdir("./file0") = 0 [pid 2392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2391] <... futex resumed>) = 0 [pid 2391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2392] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2391] <... futex resumed>) = 0 [pid 2391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2391] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2391] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2391] <... clone resumed>, parent_tid=[2395], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2395 [pid 2392] <... write resumed>) = 61 [pid 2391] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2391] <... futex resumed>) = 0 [pid 2392] <... futex resumed>) = 0 [pid 2391] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2392] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2395 attached [pid 2395] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2395] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2395] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2391] <... futex resumed>) = 0 [pid 2391] exit_group(0 [pid 2392] <... futex resumed>) = ? [pid 2391] <... exit_group resumed>) = ? [pid 2392] +++ exited with 0 +++ [pid 2395] <... futex resumed>) = ? [pid 2395] +++ exited with 0 +++ [pid 2391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2391, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./407/binderfs") = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2396 ./strace-static-x86_64: Process 2396 attached [pid 2396] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2396] chdir("./408") = 0 [pid 2396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2396] setpgid(0, 0) = 0 [pid 2396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2396] write(3, "1000", 4) = 4 [pid 2396] close(3) = 0 [pid 2396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2396] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2396] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2396] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2397], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2397 [pid 2396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2397 attached [pid 2397] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2397] memfd_create("syzkaller", 0) = 3 [pid 2397] ftruncate(3, 2097152) = 0 [pid 2397] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2397] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2397] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2397] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2397] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2397] mkdir("./file0", 0777) = 0 [pid 2397] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2397] ioctl(4, LOOP_CLR_FD) = 0 [pid 2397] close(4) = 0 [pid 2397] close(3) = 0 [pid 2397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] chdir("./file0") = 0 [pid 2397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2396] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2396] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2400], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2400 [pid 2396] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2397] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2400 attached [pid 2400] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2400] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2400] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2396] <... futex resumed>) = 0 [pid 2396] exit_group(0 [pid 2397] <... futex resumed>) = ? [pid 2396] <... exit_group resumed>) = ? [pid 2397] +++ exited with 0 +++ [pid 2400] <... futex resumed>) = ? [pid 2400] +++ exited with 0 +++ [pid 2396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2396, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./408/binderfs") = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./408/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2401 ./strace-static-x86_64: Process 2401 attached [pid 2401] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2401] chdir("./409") = 0 [pid 2401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2401] setpgid(0, 0) = 0 [pid 2401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2401] write(3, "1000", 4) = 4 [pid 2401] close(3) = 0 [pid 2401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2401] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2401] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2401] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2402], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2402 [pid 2401] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2402 attached [pid 2402] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2402] memfd_create("syzkaller", 0) = 3 [pid 2402] ftruncate(3, 2097152) = 0 [pid 2402] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2402] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2402] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2402] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2402] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2402] mkdir("./file0", 0777) = 0 [pid 2402] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2402] ioctl(4, LOOP_CLR_FD) = 0 [pid 2402] close(4) = 0 [pid 2402] close(3) = 0 [pid 2402] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] <... futex resumed>) = 1 [pid 2402] chdir("./file0") = 0 [pid 2402] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] <... futex resumed>) = 1 [pid 2402] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2402] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... futex resumed>) = 0 [pid 2401] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2401] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2401] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2405], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2405 [pid 2401] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2401] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] <... futex resumed>) = 1 [pid 2402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2402] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2405 attached [pid 2405] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2405] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2405] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... futex resumed>) = 0 [pid 2401] exit_group(0) = ? [pid 2402] <... futex resumed>) = ? [pid 2402] +++ exited with 0 +++ [pid 2405] <... futex resumed>) = ? [pid 2405] +++ exited with 0 +++ [pid 2401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2401, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./409/binderfs") = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2406 attached [pid 2406] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2406] chdir("./410") = 0 [pid 371] <... clone resumed>, child_tidptr=0x555555cf25d0) = 2406 [pid 2406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2406] setpgid(0, 0) = 0 [pid 2406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2406] write(3, "1000", 4) = 4 [pid 2406] close(3) = 0 [pid 2406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2406] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2406] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2406] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2407], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2407 [pid 2406] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2407 attached [pid 2407] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2407] memfd_create("syzkaller", 0) = 3 [pid 2407] ftruncate(3, 2097152) = 0 [pid 2407] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2407] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2407] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2407] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2407] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2407] mkdir("./file0", 0777) = 0 [pid 2407] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2407] ioctl(4, LOOP_CLR_FD) = 0 [pid 2407] close(4) = 0 [pid 2407] close(3) = 0 [pid 2407] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2406] <... futex resumed>) = 0 [pid 2406] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2407] chdir("./file0") = 0 [pid 2407] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2406] <... futex resumed>) = 0 [pid 2406] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2407] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2407] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2406] <... futex resumed>) = 0 [pid 2406] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2406] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2406] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2407] <... write resumed>) = 61 [pid 2407] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2406] <... clone resumed>, parent_tid=[2410], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2410 [pid 2407] <... futex resumed>) = 0 [pid 2406] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2407] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2406] <... futex resumed>) = 0 [pid 2406] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2410 attached [pid 2410] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2410] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2410] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2406] <... futex resumed>) = 0 [pid 2406] exit_group(0 [pid 2407] <... futex resumed>) = ? [pid 2406] <... exit_group resumed>) = ? [pid 2407] +++ exited with 0 +++ [pid 2410] +++ exited with 0 +++ [pid 2406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2406, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./410/binderfs") = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2411 ./strace-static-x86_64: Process 2411 attached [pid 2411] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2411] chdir("./411") = 0 [pid 2411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2411] setpgid(0, 0) = 0 [pid 2411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2411] write(3, "1000", 4) = 4 [pid 2411] close(3) = 0 [pid 2411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2411] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2411] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2411] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2412], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2412 [pid 2411] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2412 attached [pid 2412] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2412] memfd_create("syzkaller", 0) = 3 [pid 2412] ftruncate(3, 2097152) = 0 [pid 2412] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2412] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2412] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2412] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2412] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2412] mkdir("./file0", 0777) = 0 [pid 2412] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2412] ioctl(4, LOOP_CLR_FD) = 0 [pid 2412] close(4) = 0 [pid 2412] close(3) = 0 [pid 2412] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2411] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] chdir("./file0") = 0 [pid 2412] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2411] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2412] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2411] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2411] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2411] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2415], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2415 [pid 2411] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2412] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2412] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2415 attached [pid 2415] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2415] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2415] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2411] <... futex resumed>) = 0 [pid 2411] exit_group(0 [pid 2412] <... futex resumed>) = ? [pid 2411] <... exit_group resumed>) = ? [pid 2412] +++ exited with 0 +++ [pid 2415] <... futex resumed>) = ? [pid 2415] +++ exited with 0 +++ [pid 2411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2411, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./411/binderfs") = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2416 ./strace-static-x86_64: Process 2416 attached [pid 2416] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2416] chdir("./412") = 0 [pid 2416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2416] setpgid(0, 0) = 0 [pid 2416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2416] write(3, "1000", 4) = 4 [pid 2416] close(3) = 0 [pid 2416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2416] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2416] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2416] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2417], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2417 [pid 2416] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2417 attached [pid 2417] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2417] memfd_create("syzkaller", 0) = 3 [pid 2417] ftruncate(3, 2097152) = 0 [pid 2417] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2417] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2417] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2417] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2417] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2417] mkdir("./file0", 0777) = 0 [pid 2417] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2417] ioctl(4, LOOP_CLR_FD) = 0 [pid 2417] close(4) = 0 [pid 2417] close(3) = 0 [pid 2417] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2417] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2417] chdir("./file0" [pid 2416] <... futex resumed>) = 0 [pid 2417] <... chdir resumed>) = 0 [pid 2416] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2417] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2417] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = 0 [pid 2416] <... futex resumed>) = 1 [pid 2417] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2416] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2417] <... openat resumed>) = 3 [pid 2417] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2416] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... write resumed>) = 61 [pid 2416] <... futex resumed>) = 0 [pid 2417] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2416] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = 0 [pid 2416] <... futex resumed>) = 0 [pid 2417] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2416] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2416] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2420], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2420 [pid 2416] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2420 attached [pid 2420] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2420] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2420] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2416] <... futex resumed>) = 0 [pid 2416] exit_group(0 [pid 2417] <... futex resumed>) = ? [pid 2416] <... exit_group resumed>) = ? [pid 2417] +++ exited with 0 +++ [pid 2420] <... futex resumed>) = ? [pid 2420] +++ exited with 0 +++ [pid 2416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2416, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./412/binderfs") = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./412/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2421 ./strace-static-x86_64: Process 2421 attached [pid 2421] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2421] chdir("./413") = 0 [pid 2421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2421] setpgid(0, 0) = 0 [pid 2421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2421] write(3, "1000", 4) = 4 [pid 2421] close(3) = 0 [pid 2421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2421] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2421] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2421] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2422 attached , parent_tid=[2422], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2422 [pid 2422] set_robust_list(0x7f697cdef9e0, 24 [pid 2421] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2422] <... set_robust_list resumed>) = 0 [pid 2421] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2422] memfd_create("syzkaller", 0) = 3 [pid 2422] ftruncate(3, 2097152) = 0 [pid 2422] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2422] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2422] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2422] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2422] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2422] mkdir("./file0", 0777) = 0 [pid 2422] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2422] ioctl(4, LOOP_CLR_FD) = 0 [pid 2422] close(4) = 0 [pid 2422] close(3) = 0 [pid 2422] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2421] <... futex resumed>) = 0 [pid 2422] <... futex resumed>) = 1 [pid 2421] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2422] chdir("./file0" [pid 2421] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2422] <... chdir resumed>) = 0 [pid 2422] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2421] <... futex resumed>) = 0 [pid 2422] <... futex resumed>) = 1 [pid 2421] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2422] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2421] <... futex resumed>) = 0 [pid 2421] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2422] <... openat resumed>) = 3 [pid 2422] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2421] <... futex resumed>) = 0 [pid 2421] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2421] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2421] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2425], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2425 [pid 2421] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2422] <... futex resumed>) = 1 [pid 2422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2422] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2422] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2425 attached [pid 2425] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2425] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2425] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2421] <... futex resumed>) = 0 [pid 2421] exit_group(0) = ? [pid 2422] <... futex resumed>) = ? [pid 2422] +++ exited with 0 +++ [pid 2425] <... futex resumed>) = ? [pid 2425] +++ exited with 0 +++ [pid 2421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2421, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./413/binderfs") = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2426 ./strace-static-x86_64: Process 2426 attached [pid 2426] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2426] chdir("./414") = 0 [pid 2426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2426] setpgid(0, 0) = 0 [pid 2426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2426] write(3, "1000", 4) = 4 [pid 2426] close(3) = 0 [pid 2426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2426] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2426] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2426] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2427], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2427 [pid 2426] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2427 attached [pid 2427] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2427] memfd_create("syzkaller", 0) = 3 [pid 2427] ftruncate(3, 2097152) = 0 [pid 2427] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2427] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2427] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2427] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2427] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2427] mkdir("./file0", 0777) = 0 [pid 2427] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2427] ioctl(4, LOOP_CLR_FD) = 0 [pid 2427] close(4) = 0 [pid 2427] close(3) = 0 [pid 2427] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2427] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2426] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2426] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2427] chdir("./file0") = 0 [pid 2427] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2427] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2427] <... openat resumed>) = 3 [pid 2427] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2426] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2426] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2430], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2430 [pid 2426] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2430 attached [pid 2427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2430] set_robust_list(0x7f697cdce9e0, 24 [pid 2427] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2427] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2430] <... set_robust_list resumed>) = 0 [pid 2430] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2430] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2426] <... futex resumed>) = 0 [pid 2426] exit_group(0) = ? [pid 2427] <... futex resumed>) = ? [pid 2430] <... futex resumed>) = ? [pid 2427] +++ exited with 0 +++ [pid 2430] +++ exited with 0 +++ [pid 2426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2426, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./414/binderfs") = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2431 ./strace-static-x86_64: Process 2431 attached [pid 2431] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2431] chdir("./415") = 0 [pid 2431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2431] setpgid(0, 0) = 0 [pid 2431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2431] write(3, "1000", 4) = 4 [pid 2431] close(3) = 0 [pid 2431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2431] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2431] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2431] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2432], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2432 [pid 2431] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2432 attached [pid 2432] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2432] memfd_create("syzkaller", 0) = 3 [pid 2432] ftruncate(3, 2097152) = 0 [pid 2432] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2432] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2432] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2432] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2432] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2432] mkdir("./file0", 0777) = 0 [pid 2432] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2432] ioctl(4, LOOP_CLR_FD) = 0 [pid 2432] close(4) = 0 [pid 2432] close(3) = 0 [pid 2432] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 1 [pid 2432] chdir("./file0") = 0 [pid 2432] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 1 [pid 2432] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2432] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2431] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2431] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2435 attached , parent_tid=[2435], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2435 [pid 2431] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2435] set_robust_list(0x7f697cdce9e0, 24 [pid 2432] <... futex resumed>) = 1 [pid 2432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2435] <... set_robust_list resumed>) = 0 [pid 2432] <... write resumed>) = 61 [pid 2432] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2435] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2432] <... futex resumed>) = 0 [pid 2432] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2435] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2435] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] exit_group(0) = ? [pid 2432] <... futex resumed>) = ? [pid 2432] +++ exited with 0 +++ [pid 2435] <... futex resumed>) = ? [pid 2435] +++ exited with 0 +++ [pid 2431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2431, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./415/binderfs") = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2436 ./strace-static-x86_64: Process 2436 attached [pid 2436] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2436] chdir("./416") = 0 [pid 2436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2436] setpgid(0, 0) = 0 [pid 2436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2436] write(3, "1000", 4) = 4 [pid 2436] close(3) = 0 [pid 2436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2436] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2436] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2436] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2437], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2437 [pid 2436] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2437 attached [pid 2437] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2437] memfd_create("syzkaller", 0) = 3 [pid 2437] ftruncate(3, 2097152) = 0 [pid 2437] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2437] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2437] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2437] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2437] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2437] mkdir("./file0", 0777) = 0 [pid 2437] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2437] ioctl(4, LOOP_CLR_FD) = 0 [pid 2437] close(4) = 0 [pid 2437] close(3) = 0 [pid 2437] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2437] <... futex resumed>) = 1 [pid 2436] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2437] chdir("./file0" [pid 2436] <... futex resumed>) = 0 [pid 2437] <... chdir resumed>) = 0 [pid 2436] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2437] <... futex resumed>) = 0 [pid 2436] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2437] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] <... openat resumed>) = 3 [pid 2437] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2436] <... futex resumed>) = 0 [pid 2437] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2436] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2436] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2437] <... write resumed>) = 61 [pid 2436] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2437] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2437] <... futex resumed>) = 0 [pid 2436] <... clone resumed>, parent_tid=[2440], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2440 [pid 2437] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2436] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2440 attached [pid 2440] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2440] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2440] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2436] <... futex resumed>) = 0 [pid 2436] exit_group(0 [pid 2440] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2437] <... futex resumed>) = ? [pid 2436] <... exit_group resumed>) = ? [pid 2437] +++ exited with 0 +++ [pid 2440] +++ exited with 0 +++ [pid 2436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2436, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./416/binderfs") = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2441 ./strace-static-x86_64: Process 2441 attached [pid 2441] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2441] chdir("./417") = 0 [pid 2441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2441] setpgid(0, 0) = 0 [pid 2441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2441] write(3, "1000", 4) = 4 [pid 2441] close(3) = 0 [pid 2441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2441] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2441] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2441] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2442 attached , parent_tid=[2442], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2442 [pid 2442] set_robust_list(0x7f697cdef9e0, 24 [pid 2441] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2442] <... set_robust_list resumed>) = 0 [pid 2441] <... futex resumed>) = 0 [pid 2441] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2442] memfd_create("syzkaller", 0) = 3 [pid 2442] ftruncate(3, 2097152) = 0 [pid 2442] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2442] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2442] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2442] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2442] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2442] mkdir("./file0", 0777) = 0 [pid 2442] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2442] ioctl(4, LOOP_CLR_FD) = 0 [pid 2442] close(4) = 0 [pid 2442] close(3) = 0 [pid 2442] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2441] <... futex resumed>) = 0 [pid 2441] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2442] <... futex resumed>) = 1 [pid 2442] chdir("./file0") = 0 [pid 2442] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2441] <... futex resumed>) = 0 [pid 2441] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2442] <... futex resumed>) = 1 [pid 2442] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2442] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2441] <... futex resumed>) = 0 [pid 2441] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2441] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2441] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2445], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2445 [pid 2441] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2442] <... futex resumed>) = 1 [pid 2442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2442] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2442] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2445 attached [pid 2445] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2445] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2445] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2441] <... futex resumed>) = 0 [pid 2441] exit_group(0 [pid 2442] <... futex resumed>) = ? [pid 2441] <... exit_group resumed>) = ? [pid 2442] +++ exited with 0 +++ [pid 2445] <... futex resumed>) = ? [pid 2445] +++ exited with 0 +++ [pid 2441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2441, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./417/binderfs") = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2446 ./strace-static-x86_64: Process 2446 attached [pid 2446] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2446] chdir("./418") = 0 [pid 2446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2446] setpgid(0, 0) = 0 [pid 2446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2446] write(3, "1000", 4) = 4 [pid 2446] close(3) = 0 [pid 2446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2446] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2446] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2446] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2447 attached , parent_tid=[2447], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2447 [pid 2446] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2447] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2447] memfd_create("syzkaller", 0) = 3 [pid 2447] ftruncate(3, 2097152) = 0 [pid 2447] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2447] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2447] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2447] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2447] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2447] mkdir("./file0", 0777) = 0 [pid 2447] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2447] ioctl(4, LOOP_CLR_FD) = 0 [pid 2447] close(4) = 0 [pid 2447] close(3) = 0 [pid 2447] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2446] <... futex resumed>) = 0 [pid 2446] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] <... futex resumed>) = 1 [pid 2447] chdir("./file0") = 0 [pid 2447] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2446] <... futex resumed>) = 0 [pid 2446] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] <... futex resumed>) = 1 [pid 2447] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2447] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2446] <... futex resumed>) = 0 [pid 2446] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2446] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2446] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2450 attached , parent_tid=[2450], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2450 [pid 2446] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] <... futex resumed>) = 1 [pid 2450] set_robust_list(0x7f697cdce9e0, 24 [pid 2447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2447] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] <... set_robust_list resumed>) = 0 [pid 2447] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2450] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2450] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2446] <... futex resumed>) = 0 [pid 2446] exit_group(0) = ? [pid 2447] <... futex resumed>) = ? [pid 2447] +++ exited with 0 +++ [pid 2450] <... futex resumed>) = ? [pid 2450] +++ exited with 0 +++ [pid 2446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2446, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./418/binderfs") = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2451 ./strace-static-x86_64: Process 2451 attached [pid 2451] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2451] chdir("./419") = 0 [pid 2451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2451] setpgid(0, 0) = 0 [pid 2451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2451] write(3, "1000", 4) = 4 [pid 2451] close(3) = 0 [pid 2451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2451] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2451] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2451] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2452], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2452 [pid 2451] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2452 attached ) = 0 [pid 2452] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2452] memfd_create("syzkaller", 0) = 3 [pid 2452] ftruncate(3, 2097152) = 0 [pid 2452] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2452] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2452] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2452] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2452] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2452] ioctl(4, LOOP_SET_FD, 3 [pid 2451] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2452] <... ioctl resumed>) = 0 [pid 2452] mkdir("./file0", 0777) = 0 [pid 2452] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2452] ioctl(4, LOOP_CLR_FD) = 0 [pid 2452] close(4) = 0 [pid 2452] close(3) = 0 [pid 2452] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2452] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2451] <... futex resumed>) = 0 [pid 2451] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2451] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2452] <... futex resumed>) = 0 [pid 2452] chdir("./file0") = 0 [pid 2452] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2451] <... futex resumed>) = 0 [pid 2451] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2451] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2452] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2452] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2451] <... futex resumed>) = 0 [pid 2451] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2451] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2451] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2451] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2455], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2455 [pid 2451] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2451] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2455 attached [pid 2455] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2455] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2455] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2452] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2452] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2452] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2455] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2451] <... futex resumed>) = 0 [pid 2451] exit_group(0) = ? [pid 2452] <... futex resumed>) = ? [pid 2452] +++ exited with 0 +++ [pid 2455] <... futex resumed>) = ? [pid 2455] +++ exited with 0 +++ [pid 2451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2451, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./419/binderfs") = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2456 ./strace-static-x86_64: Process 2456 attached [pid 2456] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2456] chdir("./420") = 0 [pid 2456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2456] setpgid(0, 0) = 0 [pid 2456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2456] write(3, "1000", 4) = 4 [pid 2456] close(3) = 0 [pid 2456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2456] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2456] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2456] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2457], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2457 [pid 2456] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2457 attached [pid 2457] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2457] memfd_create("syzkaller", 0) = 3 [pid 2457] ftruncate(3, 2097152) = 0 [pid 2457] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2457] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2457] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2457] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2457] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2457] mkdir("./file0", 0777) = 0 [pid 2457] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2457] ioctl(4, LOOP_CLR_FD) = 0 [pid 2457] close(4) = 0 [pid 2457] close(3) = 0 [pid 2457] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] <... futex resumed>) = 0 [pid 2457] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2456] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2456] <... futex resumed>) = 0 [pid 2457] chdir("./file0" [pid 2456] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2457] <... chdir resumed>) = 0 [pid 2457] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] <... futex resumed>) = 0 [pid 2457] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2456] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2457] <... openat resumed>) = 3 [pid 2456] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2457] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2457] <... futex resumed>) = 0 [pid 2456] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2456] <... futex resumed>) = 0 [pid 2457] <... write resumed>) = 61 [pid 2456] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2457] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2456] <... futex resumed>) = 0 [pid 2457] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2456] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2456] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2460 attached , parent_tid=[2460], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2460 [pid 2460] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2460] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2456] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2460] <... futex resumed>) = 0 [pid 2460] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2460] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] <... futex resumed>) = 0 [pid 2456] exit_group(0 [pid 2457] <... futex resumed>) = ? [pid 2456] <... exit_group resumed>) = ? [pid 2457] +++ exited with 0 +++ [pid 2460] +++ exited with 0 +++ [pid 2456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2456, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./420/binderfs") = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2461 ./strace-static-x86_64: Process 2461 attached [pid 2461] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2461] chdir("./421") = 0 [pid 2461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2461] setpgid(0, 0) = 0 [pid 2461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2461] write(3, "1000", 4) = 4 [pid 2461] close(3) = 0 [pid 2461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2461] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2461] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2461] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2462], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2462 [pid 2461] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2462 attached [pid 2462] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2462] memfd_create("syzkaller", 0) = 3 [pid 2462] ftruncate(3, 2097152) = 0 [pid 2462] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2462] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2462] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2462] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2462] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2462] mkdir("./file0", 0777) = 0 [pid 2462] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2462] ioctl(4, LOOP_CLR_FD) = 0 [pid 2462] close(4) = 0 [pid 2462] close(3) = 0 [pid 2462] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] <... futex resumed>) = 0 [pid 2461] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2462] <... futex resumed>) = 1 [pid 2462] chdir("./file0") = 0 [pid 2462] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] <... futex resumed>) = 0 [pid 2461] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2462] <... futex resumed>) = 1 [pid 2462] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2462] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] <... futex resumed>) = 0 [pid 2461] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2461] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2461] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2465], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2465 [pid 2461] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2461] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2462] <... futex resumed>) = 1 [pid 2462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2462] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2462] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2465 attached [pid 2465] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2465] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2465] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] <... futex resumed>) = 0 [pid 2465] <... futex resumed>) = 1 [pid 2461] exit_group(0) = ? [pid 2462] <... futex resumed>) = ? [pid 2462] +++ exited with 0 +++ [pid 2465] +++ exited with 0 +++ [pid 2461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2461, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./421/binderfs") = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2466 ./strace-static-x86_64: Process 2466 attached [pid 2466] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2466] chdir("./422") = 0 [pid 2466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2466] setpgid(0, 0) = 0 [pid 2466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2466] write(3, "1000", 4) = 4 [pid 2466] close(3) = 0 [pid 2466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2466] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2466] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2466] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2467], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2467 [pid 2466] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2467 attached [pid 2467] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2467] memfd_create("syzkaller", 0) = 3 [pid 2467] ftruncate(3, 2097152) = 0 [pid 2467] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2467] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2467] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2467] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2467] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2467] mkdir("./file0", 0777) = 0 [pid 2467] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2467] ioctl(4, LOOP_CLR_FD) = 0 [pid 2467] close(4) = 0 [pid 2467] close(3) = 0 [pid 2467] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2466] <... futex resumed>) = 0 [pid 2466] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] chdir("./file0") = 0 [pid 2467] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2466] <... futex resumed>) = 0 [pid 2466] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2467] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2466] <... futex resumed>) = 0 [pid 2466] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2466] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2466] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2470 attached [pid 2467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2466] <... clone resumed>, parent_tid=[2470], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2470 [pid 2466] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2467] <... write resumed>) = 61 [pid 2467] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2467] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2470] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2470] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2466] <... futex resumed>) = 0 [pid 2466] exit_group(0 [pid 2467] <... futex resumed>) = ? [pid 2466] <... exit_group resumed>) = ? [pid 2467] +++ exited with 0 +++ [pid 2470] <... futex resumed>) = ? [pid 2470] +++ exited with 0 +++ [pid 2466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2466, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./422/binderfs") = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2471 ./strace-static-x86_64: Process 2471 attached [pid 2471] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2471] chdir("./423") = 0 [pid 2471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2471] setpgid(0, 0) = 0 [pid 2471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2471] write(3, "1000", 4) = 4 [pid 2471] close(3) = 0 [pid 2471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2471] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2471] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2471] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2472], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2472 [pid 2471] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2472 attached [pid 2472] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2472] memfd_create("syzkaller", 0) = 3 [pid 2472] ftruncate(3, 2097152) = 0 [pid 2472] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2472] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2472] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2472] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2472] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2472] mkdir("./file0", 0777) = 0 [pid 2472] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2472] ioctl(4, LOOP_CLR_FD) = 0 [pid 2472] close(4) = 0 [pid 2472] close(3) = 0 [pid 2472] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2472] <... futex resumed>) = 1 [pid 2472] chdir("./file0") = 0 [pid 2472] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2472] <... futex resumed>) = 1 [pid 2472] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2472] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2472] <... write resumed>) = 61 [pid 2471] <... futex resumed>) = 0 [pid 2472] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2472] <... futex resumed>) = 0 [pid 2472] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2471] <... mmap resumed>) = 0x7f697cdae000 [pid 2471] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2471] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2475], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2475 [pid 2471] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2475 attached [pid 2475] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2475] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2475] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] <... futex resumed>) = 0 [pid 2471] exit_group(0) = ? [pid 2475] <... futex resumed>) = ? [pid 2472] <... futex resumed>) = ? [pid 2472] +++ exited with 0 +++ [pid 2475] +++ exited with 0 +++ [pid 2471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2471, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./423/binderfs") = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2476 ./strace-static-x86_64: Process 2476 attached [pid 2476] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2476] chdir("./424") = 0 [pid 2476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2476] setpgid(0, 0) = 0 [pid 2476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2476] write(3, "1000", 4) = 4 [pid 2476] close(3) = 0 [pid 2476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2476] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2476] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2476] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2477], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2477 [pid 2476] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2477 attached [pid 2477] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2477] memfd_create("syzkaller", 0) = 3 [pid 2477] ftruncate(3, 2097152) = 0 [pid 2477] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2477] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2477] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2477] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2477] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2477] mkdir("./file0", 0777) = 0 [pid 2477] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2477] ioctl(4, LOOP_CLR_FD) = 0 [pid 2477] close(4) = 0 [pid 2477] close(3) = 0 [pid 2477] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = 0 [pid 2476] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2477] <... futex resumed>) = 1 [pid 2477] chdir("./file0") = 0 [pid 2477] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2476] <... futex resumed>) = 0 [pid 2476] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2477] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2477] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = 0 [pid 2476] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2477] <... futex resumed>) = 1 [pid 2476] <... futex resumed>) = 0 [pid 2477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2476] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2477] <... write resumed>) = 61 [pid 2477] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2477] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2476] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2480], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2480 [pid 2476] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2480 attached [pid 2480] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2480] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2480] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = 0 [pid 2476] exit_group(0) = ? [pid 2477] <... futex resumed>) = ? [pid 2477] +++ exited with 0 +++ [pid 2480] <... futex resumed>) = ? [pid 2480] +++ exited with 0 +++ [pid 2476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2476, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./424/binderfs") = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2481 ./strace-static-x86_64: Process 2481 attached [pid 2481] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2481] chdir("./425") = 0 [pid 2481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2481] setpgid(0, 0) = 0 [pid 2481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2481] write(3, "1000", 4) = 4 [pid 2481] close(3) = 0 [pid 2481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2481] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2481] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2481] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2482], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2482 [pid 2481] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2482 attached [pid 2482] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2482] memfd_create("syzkaller", 0) = 3 [pid 2482] ftruncate(3, 2097152) = 0 [pid 2482] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2482] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2482] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2482] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2482] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2482] mkdir("./file0", 0777) = 0 [pid 2482] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2482] ioctl(4, LOOP_CLR_FD) = 0 [pid 2482] close(4) = 0 [pid 2482] close(3) = 0 [pid 2482] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2482] chdir("./file0") = 0 [pid 2482] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2482] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2482] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2482] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2481] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2481] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2482] <... futex resumed>) = 0 [pid 2482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2481] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2482] <... write resumed>) = 61 [pid 2482] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2482] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2485 attached [pid 2481] <... clone resumed>, parent_tid=[2485], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2485 [pid 2485] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2485] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2481] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2481] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2485] <... futex resumed>) = 0 [pid 2485] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2485] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2481] <... futex resumed>) = 0 [pid 2481] exit_group(0 [pid 2482] <... futex resumed>) = ? [pid 2481] <... exit_group resumed>) = ? [pid 2482] +++ exited with 0 +++ [pid 2485] <... futex resumed>) = ? [pid 2485] +++ exited with 0 +++ [pid 2481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2481, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./425/binderfs") = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2486 ./strace-static-x86_64: Process 2486 attached [pid 2486] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2486] chdir("./426") = 0 [pid 2486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2486] setpgid(0, 0) = 0 [pid 2486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2486] write(3, "1000", 4) = 4 [pid 2486] close(3) = 0 [pid 2486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2486] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2486] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2486] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2487], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2487 [pid 2486] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2487 attached [pid 2487] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2487] memfd_create("syzkaller", 0) = 3 [pid 2487] ftruncate(3, 2097152) = 0 [pid 2487] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2487] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2487] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2487] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2487] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2487] mkdir("./file0", 0777) = 0 [pid 2487] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2487] ioctl(4, LOOP_CLR_FD) = 0 [pid 2487] close(4) = 0 [pid 2487] close(3) = 0 [pid 2487] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2486] <... futex resumed>) = 0 [pid 2486] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2487] chdir("./file0") = 0 [pid 2487] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2486] <... futex resumed>) = 0 [pid 2486] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2487] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2487] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2486] <... futex resumed>) = 0 [pid 2486] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2486] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2486] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2490], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2490 [pid 2486] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2487] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2487] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2490 attached [pid 2490] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2490] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2490] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2486] <... futex resumed>) = 0 [pid 2486] exit_group(0 [pid 2487] <... futex resumed>) = ? [pid 2486] <... exit_group resumed>) = ? [pid 2487] +++ exited with 0 +++ [pid 2490] <... futex resumed>) = ? [pid 2490] +++ exited with 0 +++ [pid 2486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2486, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./426/binderfs") = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2491 ./strace-static-x86_64: Process 2491 attached [pid 2491] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2491] chdir("./427") = 0 [pid 2491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2491] setpgid(0, 0) = 0 [pid 2491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2491] write(3, "1000", 4) = 4 [pid 2491] close(3) = 0 [pid 2491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2491] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2491] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2491] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2492], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2492 [pid 2491] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2492 attached [pid 2492] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2492] memfd_create("syzkaller", 0) = 3 [pid 2492] ftruncate(3, 2097152) = 0 [pid 2492] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2492] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2492] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2492] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2492] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2492] mkdir("./file0", 0777) = 0 [pid 2492] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2492] ioctl(4, LOOP_CLR_FD) = 0 [pid 2492] close(4) = 0 [pid 2492] close(3) = 0 [pid 2492] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2491] <... futex resumed>) = 0 [pid 2492] chdir("./file0" [pid 2491] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... chdir resumed>) = 0 [pid 2492] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... futex resumed>) = 0 [pid 2492] <... futex resumed>) = 1 [pid 2491] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2492] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... futex resumed>) = 0 [pid 2491] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2491] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2491] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2495 attached , parent_tid=[2495], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2495 [pid 2491] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2491] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... futex resumed>) = 1 [pid 2492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2495] set_robust_list(0x7f697cdce9e0, 24 [pid 2492] <... write resumed>) = 61 [pid 2492] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2492] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2495] <... set_robust_list resumed>) = 0 [pid 2495] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2495] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... futex resumed>) = 0 [pid 2491] exit_group(0) = ? [pid 2492] <... futex resumed>) = ? [pid 2492] +++ exited with 0 +++ [pid 2495] <... futex resumed>) = ? [pid 2495] +++ exited with 0 +++ [pid 2491] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2491, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./427/binderfs") = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2496 ./strace-static-x86_64: Process 2496 attached [pid 2496] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2496] chdir("./428") = 0 [pid 2496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2496] setpgid(0, 0) = 0 [pid 2496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2496] write(3, "1000", 4) = 4 [pid 2496] close(3) = 0 [pid 2496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2496] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2496] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2496] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2497], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2497 [pid 2496] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2497 attached [pid 2497] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2497] memfd_create("syzkaller", 0) = 3 [pid 2497] ftruncate(3, 2097152) = 0 [pid 2497] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2497] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2497] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2497] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2497] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2497] mkdir("./file0", 0777) = 0 [pid 2497] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2497] ioctl(4, LOOP_CLR_FD) = 0 [pid 2497] close(4) = 0 [pid 2497] close(3) = 0 [pid 2497] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2496] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2497] chdir("./file0" [pid 2496] <... futex resumed>) = 0 [pid 2497] <... chdir resumed>) = 0 [pid 2496] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2497] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2497] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2496] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2497] <... openat resumed>) = 3 [pid 2497] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2497] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2496] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2496] <... futex resumed>) = 0 [pid 2496] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2496] <... futex resumed>) = 0 [pid 2497] <... write resumed>) = 61 [pid 2496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2497] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] <... mmap resumed>) = 0x7f697cdae000 [pid 2497] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2496] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2496] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2500], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2500 [pid 2496] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2500 attached [pid 2500] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2500] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2500] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2496] <... futex resumed>) = 0 [pid 2500] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2496] exit_group(0 [pid 2500] <... futex resumed>) = ? [pid 2497] <... futex resumed>) = ? [pid 2496] <... exit_group resumed>) = ? [pid 2497] +++ exited with 0 +++ [pid 2500] +++ exited with 0 +++ [pid 2496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2496, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./428/binderfs") = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2501 ./strace-static-x86_64: Process 2501 attached [pid 2501] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2501] chdir("./429") = 0 [pid 2501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2501] setpgid(0, 0) = 0 [pid 2501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2501] write(3, "1000", 4) = 4 [pid 2501] close(3) = 0 [pid 2501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2501] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2501] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2501] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2502], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2502 ./strace-static-x86_64: Process 2502 attached [pid 2502] set_robust_list(0x7f697cdef9e0, 24 [pid 2501] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2502] <... set_robust_list resumed>) = 0 [pid 2501] <... futex resumed>) = 0 [pid 2502] memfd_create("syzkaller", 0 [pid 2501] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2502] <... memfd_create resumed>) = 3 [pid 2502] ftruncate(3, 2097152) = 0 [pid 2502] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2502] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2502] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2502] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2502] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2502] mkdir("./file0", 0777) = 0 [pid 2502] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2502] ioctl(4, LOOP_CLR_FD) = 0 [pid 2502] close(4) = 0 [pid 2502] close(3) = 0 [pid 2502] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2502] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] <... futex resumed>) = 0 [pid 2501] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2502] <... futex resumed>) = 0 [pid 2502] chdir("./file0") = 0 [pid 2502] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2502] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] <... futex resumed>) = 1 [pid 2501] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2502] <... futex resumed>) = 0 [pid 2502] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2502] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2502] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] <... futex resumed>) = 1 [pid 2501] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2502] <... futex resumed>) = 0 [pid 2502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2502] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2502] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] <... futex resumed>) = 1 [pid 2501] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2502] <... futex resumed>) = 0 [pid 2501] <... futex resumed>) = 1 [pid 2502] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2501] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2502] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2502] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2501] <... futex resumed>) = 0 [pid 2502] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] exit_group(0 [pid 2502] <... futex resumed>) = ? [pid 2502] +++ exited with 0 +++ [pid 2501] <... exit_group resumed>) = ? [pid 2501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2501, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./429/binderfs") = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2505 ./strace-static-x86_64: Process 2505 attached [pid 2505] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2505] chdir("./430") = 0 [pid 2505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2505] setpgid(0, 0) = 0 [pid 2505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2505] write(3, "1000", 4) = 4 [pid 2505] close(3) = 0 [pid 2505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2505] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2505] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2505] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2506 attached , parent_tid=[2506], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2506 [pid 2505] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2506] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2506] memfd_create("syzkaller", 0) = 3 [pid 2506] ftruncate(3, 2097152) = 0 [pid 2506] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2506] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2506] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2506] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2506] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2506] mkdir("./file0", 0777) = 0 [pid 2506] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2506] ioctl(4, LOOP_CLR_FD) = 0 [pid 2506] close(4) = 0 [pid 2506] close(3) = 0 [pid 2506] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2506] chdir("./file0") = 0 [pid 2506] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2506] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2506] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] <... futex resumed>) = 0 [pid 2506] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2505] <... futex resumed>) = 0 [pid 2506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2505] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2506] <... write resumed>) = 61 [pid 2505] <... futex resumed>) = 0 [pid 2506] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2506] <... futex resumed>) = 0 [pid 2505] <... mmap resumed>) = 0x7f697cdae000 [pid 2506] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2505] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2509 attached , parent_tid=[2509], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2509 [pid 2509] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2509] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2509] <... futex resumed>) = 0 [pid 2505] <... futex resumed>) = 1 [pid 2509] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2505] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2509] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2509] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2509] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] <... futex resumed>) = 0 [pid 2505] exit_group(0) = ? [pid 2509] <... futex resumed>) = ? [pid 2506] <... futex resumed>) = ? [pid 2506] +++ exited with 0 +++ [pid 2509] +++ exited with 0 +++ [pid 2505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2505, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./430/binderfs") = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2510 ./strace-static-x86_64: Process 2510 attached [pid 2510] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2510] chdir("./431") = 0 [pid 2510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2510] setpgid(0, 0) = 0 [pid 2510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2510] write(3, "1000", 4) = 4 [pid 2510] close(3) = 0 [pid 2510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2510] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2510] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2510] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2511], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2511 [pid 2510] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2510] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2511 attached [pid 2511] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2511] memfd_create("syzkaller", 0) = 3 [pid 2511] ftruncate(3, 2097152) = 0 [pid 2511] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2511] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2511] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2511] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2511] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2511] mkdir("./file0", 0777) = 0 [pid 2511] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2511] ioctl(4, LOOP_CLR_FD) = 0 [pid 2511] close(4) = 0 [pid 2511] close(3) = 0 [pid 2511] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2510] <... futex resumed>) = 0 [pid 2511] <... futex resumed>) = 1 [pid 2510] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] chdir("./file0" [pid 2510] <... futex resumed>) = 0 [pid 2511] <... chdir resumed>) = 0 [pid 2510] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2511] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2511] <... futex resumed>) = 0 [pid 2510] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2510] <... futex resumed>) = 0 [pid 2510] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2511] <... openat resumed>) = 3 [pid 2511] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2510] <... futex resumed>) = 0 [pid 2510] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2510] <... futex resumed>) = 0 [pid 2510] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2510] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2511] <... write resumed>) = 61 [pid 2510] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2511] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2511] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] <... clone resumed>, parent_tid=[2514], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2514 [pid 2510] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2510] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2514 attached [pid 2514] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2514] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2514] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2510] <... futex resumed>) = 0 [pid 2510] exit_group(0) = ? [pid 2511] <... futex resumed>) = 231 [pid 2511] +++ exited with 0 +++ [pid 2514] +++ exited with 0 +++ [pid 2510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2510, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./431/binderfs") = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2515 ./strace-static-x86_64: Process 2515 attached [pid 2515] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2515] chdir("./432") = 0 [pid 2515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2515] setpgid(0, 0) = 0 [pid 2515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2515] write(3, "1000", 4) = 4 [pid 2515] close(3) = 0 [pid 2515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2515] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2515] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2515] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2516], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2516 [pid 2515] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2516 attached [pid 2516] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2516] memfd_create("syzkaller", 0) = 3 [pid 2516] ftruncate(3, 2097152) = 0 [pid 2516] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2516] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2516] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2516] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2516] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2516] mkdir("./file0", 0777) = 0 [pid 2516] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2516] ioctl(4, LOOP_CLR_FD) = 0 [pid 2516] close(4) = 0 [pid 2516] close(3) = 0 [pid 2516] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... futex resumed>) = 1 [pid 2516] chdir("./file0") = 0 [pid 2516] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... futex resumed>) = 1 [pid 2516] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2516] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2515] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2515] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2519], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2519 [pid 2515] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... futex resumed>) = 1 [pid 2516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2516] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2516] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2519 attached [pid 2519] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2519] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2519] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2515] <... futex resumed>) = 0 [pid 2519] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2515] exit_group(0 [pid 2516] <... futex resumed>) = ? [pid 2515] <... exit_group resumed>) = ? [pid 2516] +++ exited with 0 +++ [pid 2519] <... futex resumed>) = ? [pid 2519] +++ exited with 0 +++ [pid 2515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2515, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./432/binderfs") = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2520 ./strace-static-x86_64: Process 2520 attached [pid 2520] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2520] chdir("./433") = 0 [pid 2520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2520] setpgid(0, 0) = 0 [pid 2520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2520] write(3, "1000", 4) = 4 [pid 2520] close(3) = 0 [pid 2520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2520] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2520] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2520] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2521], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2521 [pid 2520] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2521 attached [pid 2521] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2521] memfd_create("syzkaller", 0) = 3 [pid 2521] ftruncate(3, 2097152) = 0 [pid 2521] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2521] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2521] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2521] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2521] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2521] mkdir("./file0", 0777) = 0 [pid 2521] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2521] ioctl(4, LOOP_CLR_FD) = 0 [pid 2521] close(4) = 0 [pid 2521] close(3) = 0 [pid 2521] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2521] chdir("./file0") = 0 [pid 2521] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2521] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2521] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2520] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2520] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2524], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2524 [pid 2520] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2521] <... futex resumed>) = 1 [pid 2521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2521] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2521] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2524 attached [pid 2524] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2524] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2524] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2520] <... futex resumed>) = 0 [pid 2520] exit_group(0) = ? [pid 2521] <... futex resumed>) = ? [pid 2521] +++ exited with 0 +++ [pid 2524] <... futex resumed>) = ? [pid 2524] +++ exited with 0 +++ [pid 2520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2520, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./433/binderfs") = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./433/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2525 ./strace-static-x86_64: Process 2525 attached [pid 2525] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2525] chdir("./434") = 0 [pid 2525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2525] setpgid(0, 0) = 0 [pid 2525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2525] write(3, "1000", 4) = 4 [pid 2525] close(3) = 0 [pid 2525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2525] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2525] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2525] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2526], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2526 [pid 2525] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2526 attached [pid 2526] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2526] memfd_create("syzkaller", 0) = 3 [pid 2526] ftruncate(3, 2097152) = 0 [pid 2526] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2526] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2526] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2526] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2526] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2526] mkdir("./file0", 0777) = 0 [pid 2526] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2526] ioctl(4, LOOP_CLR_FD) = 0 [pid 2526] close(4) = 0 [pid 2526] close(3) = 0 [pid 2526] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] chdir("./file0") = 0 [pid 2526] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2526] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2525] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2525] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2529], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2529 [pid 2525] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2526] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2526] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2529 attached [pid 2529] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2529] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2529] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] <... futex resumed>) = 0 [pid 2525] exit_group(0 [pid 2526] <... futex resumed>) = ? [pid 2525] <... exit_group resumed>) = ? [pid 2526] +++ exited with 0 +++ [pid 2529] <... futex resumed>) = ? [pid 2529] +++ exited with 0 +++ [pid 2525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2525, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./434/binderfs") = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2530 ./strace-static-x86_64: Process 2530 attached [pid 2530] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2530] chdir("./435") = 0 [pid 2530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2530] setpgid(0, 0) = 0 [pid 2530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2530] write(3, "1000", 4) = 4 [pid 2530] close(3) = 0 [pid 2530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2530] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2530] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2530] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2531 attached [pid 2531] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2531] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2530] <... clone resumed>, parent_tid=[2531], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2531 [pid 2530] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2531] memfd_create("syzkaller", 0 [pid 2530] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2531] <... memfd_create resumed>) = 3 [pid 2531] ftruncate(3, 2097152) = 0 [pid 2531] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2531] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2531] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2531] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2531] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2531] mkdir("./file0", 0777) = 0 [pid 2531] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2531] ioctl(4, LOOP_CLR_FD) = 0 [pid 2531] close(4) = 0 [pid 2531] close(3) = 0 [pid 2531] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2531] <... futex resumed>) = 1 [pid 2531] chdir("./file0") = 0 [pid 2531] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2531] <... futex resumed>) = 1 [pid 2531] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2531] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2531] <... futex resumed>) = 1 [pid 2530] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2531] <... write resumed>) = 61 [pid 2530] <... mmap resumed>) = 0x7f697cdae000 [pid 2531] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2531] <... futex resumed>) = 0 [pid 2530] <... mprotect resumed>) = 0 [pid 2531] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2530] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2534], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2534 [pid 2530] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2534 attached [pid 2534] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2534] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2534] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] <... futex resumed>) = 0 [pid 2534] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2530] exit_group(0 [pid 2531] <... futex resumed>) = 231 [pid 2534] <... futex resumed>) = ? [pid 2530] <... exit_group resumed>) = ? [pid 2531] +++ exited with 0 +++ [pid 2534] +++ exited with 0 +++ [pid 2530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2530, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./435/binderfs") = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2535 ./strace-static-x86_64: Process 2535 attached [pid 2535] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2535] chdir("./436") = 0 [pid 2535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2535] setpgid(0, 0) = 0 [pid 2535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2535] write(3, "1000", 4) = 4 [pid 2535] close(3) = 0 [pid 2535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2535] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2535] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2535] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2536], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2536 [pid 2535] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2536 attached [pid 2535] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2536] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2536] memfd_create("syzkaller", 0) = 3 [pid 2536] ftruncate(3, 2097152) = 0 [pid 2536] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2536] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2536] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2536] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2536] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2536] mkdir("./file0", 0777) = 0 [pid 2536] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2536] ioctl(4, LOOP_CLR_FD) = 0 [pid 2536] close(4) = 0 [pid 2536] close(3) = 0 [pid 2536] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2536] chdir("./file0" [pid 2535] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] <... chdir resumed>) = 0 [pid 2535] <... futex resumed>) = 0 [pid 2536] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2535] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] <... futex resumed>) = 0 [pid 2536] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2535] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2535] <... futex resumed>) = 0 [pid 2535] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] <... openat resumed>) = 3 [pid 2536] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2535] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2535] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2535] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2536] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2535] <... clone resumed>, parent_tid=[2539], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2539 [pid 2536] <... write resumed>) = 61 [pid 2535] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2539 attached [pid 2539] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2539] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2539] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2535] <... futex resumed>) = 0 [pid 2535] exit_group(0) = ? [pid 2536] <... futex resumed>) = ? [pid 2539] <... futex resumed>) = ? [pid 2539] +++ exited with 0 +++ [pid 2536] +++ exited with 0 +++ [pid 2535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2535, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./436/binderfs") = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2540 ./strace-static-x86_64: Process 2540 attached [pid 2540] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2540] chdir("./437") = 0 [pid 2540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2540] setpgid(0, 0) = 0 [pid 2540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2540] write(3, "1000", 4) = 4 [pid 2540] close(3) = 0 [pid 2540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2540] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2540] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2540] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2541], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2541 [pid 2540] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2541 attached [pid 2541] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2541] memfd_create("syzkaller", 0) = 3 [pid 2541] ftruncate(3, 2097152) = 0 [pid 2541] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2541] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2541] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2541] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2541] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2541] mkdir("./file0", 0777) = 0 [pid 2541] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2541] ioctl(4, LOOP_CLR_FD) = 0 [pid 2541] close(4) = 0 [pid 2541] close(3) = 0 [pid 2541] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2540] <... futex resumed>) = 0 [pid 2541] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2540] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2540] <... futex resumed>) = 0 [pid 2541] chdir("./file0" [pid 2540] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... chdir resumed>) = 0 [pid 2541] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2540] <... futex resumed>) = 0 [pid 2541] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2540] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2540] <... futex resumed>) = 0 [pid 2540] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... openat resumed>) = 3 [pid 2541] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2540] <... futex resumed>) = 0 [pid 2541] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2540] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2540] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2540] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2540] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2544], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2544 [pid 2540] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 0 [pid 2541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2541] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2541] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2544 attached [pid 2544] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2544] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2544] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2540] <... futex resumed>) = 0 [pid 2540] exit_group(0) = ? [pid 2541] <... futex resumed>) = ? [pid 2541] +++ exited with 0 +++ [pid 2544] <... futex resumed>) = ? [pid 2544] +++ exited with 0 +++ [pid 2540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2540, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./437/binderfs") = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2545 ./strace-static-x86_64: Process 2545 attached [pid 2545] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2545] chdir("./438") = 0 [pid 2545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2545] setpgid(0, 0) = 0 [pid 2545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2545] write(3, "1000", 4) = 4 [pid 2545] close(3) = 0 [pid 2545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2545] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2545] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2545] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2546 attached , parent_tid=[2546], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2546 [pid 2545] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2546] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2546] memfd_create("syzkaller", 0) = 3 [pid 2546] ftruncate(3, 2097152) = 0 [pid 2546] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2546] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2546] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2546] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2546] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2546] mkdir("./file0", 0777) = 0 [pid 2546] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2546] ioctl(4, LOOP_CLR_FD) = 0 [pid 2546] close(4) = 0 [pid 2546] close(3) = 0 [pid 2546] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2545] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2546] chdir("./file0") = 0 [pid 2546] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2546] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2545] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2546] <... openat resumed>) = 3 [pid 2546] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2545] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2545] <... futex resumed>) = 0 [pid 2546] <... write resumed>) = 61 [pid 2545] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2546] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2546] <... futex resumed>) = 0 [pid 2545] <... mmap resumed>) = 0x7f697cdae000 [pid 2546] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2545] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2549 attached [pid 2549] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2549] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] <... clone resumed>, parent_tid=[2549], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2549 [pid 2545] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2549] <... futex resumed>) = 0 [pid 2545] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2549] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2549] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2545] exit_group(0 [pid 2546] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 2545] <... exit_group resumed>) = ? [pid 2546] +++ exited with 0 +++ [pid 2549] +++ exited with 0 +++ [pid 2545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2545, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./438/binderfs") = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2550 ./strace-static-x86_64: Process 2550 attached [pid 2550] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2550] chdir("./439") = 0 [pid 2550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2550] setpgid(0, 0) = 0 [pid 2550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2550] write(3, "1000", 4) = 4 [pid 2550] close(3) = 0 [pid 2550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2550] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2550] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2550] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2551], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2551 [pid 2550] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2551 attached [pid 2551] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2551] memfd_create("syzkaller", 0) = 3 [pid 2551] ftruncate(3, 2097152) = 0 [pid 2551] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2551] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2551] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2551] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2551] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2551] mkdir("./file0", 0777) = 0 [pid 2551] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2551] ioctl(4, LOOP_CLR_FD) = 0 [pid 2551] close(4) = 0 [pid 2551] close(3) = 0 [pid 2551] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2550] <... futex resumed>) = 0 [pid 2550] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... futex resumed>) = 1 [pid 2551] chdir("./file0") = 0 [pid 2551] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2550] <... futex resumed>) = 0 [pid 2550] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... futex resumed>) = 1 [pid 2551] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2551] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2550] <... futex resumed>) = 0 [pid 2550] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2550] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2550] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2554], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2554 [pid 2550] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... futex resumed>) = 1 [pid 2551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2551] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2551] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2554 attached [pid 2554] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2554] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2554] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2550] <... futex resumed>) = 0 [pid 2550] exit_group(0 [pid 2551] <... futex resumed>) = ? [pid 2550] <... exit_group resumed>) = ? [pid 2551] +++ exited with 0 +++ [pid 2554] <... futex resumed>) = ? [pid 2554] +++ exited with 0 +++ [pid 2550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2550, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./439/binderfs") = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2555 ./strace-static-x86_64: Process 2555 attached [pid 2555] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2555] chdir("./440") = 0 [pid 2555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2555] setpgid(0, 0) = 0 [pid 2555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2555] write(3, "1000", 4) = 4 [pid 2555] close(3) = 0 [pid 2555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2555] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2555] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2555] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2556], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2556 [pid 2555] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2556 attached [pid 2556] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2556] memfd_create("syzkaller", 0) = 3 [pid 2556] ftruncate(3, 2097152) = 0 [pid 2556] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2556] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2556] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2556] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2556] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2556] mkdir("./file0", 0777) = 0 [pid 2556] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2556] ioctl(4, LOOP_CLR_FD) = 0 [pid 2556] close(4) = 0 [pid 2556] close(3) = 0 [pid 2556] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] chdir("./file0") = 0 [pid 2556] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2556] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2555] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2555] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2559], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2559 [pid 2555] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] <... futex resumed>) = 1 [pid 2556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2556] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2556] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2559 attached [pid 2559] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2559] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2559] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2555] exit_group(0) = ? [pid 2556] <... futex resumed>) = ? [pid 2556] +++ exited with 0 +++ [pid 2559] <... futex resumed>) = ? [pid 2559] +++ exited with 0 +++ [pid 2555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2555, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./440/binderfs") = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2560 ./strace-static-x86_64: Process 2560 attached [pid 2560] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2560] chdir("./441") = 0 [pid 2560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2560] setpgid(0, 0) = 0 [pid 2560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2560] write(3, "1000", 4) = 4 [pid 2560] close(3) = 0 [pid 2560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2560] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2560] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2560] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2561 attached , parent_tid=[2561], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2561 [pid 2560] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2560] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2561] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2561] memfd_create("syzkaller", 0) = 3 [pid 2561] ftruncate(3, 2097152) = 0 [pid 2561] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2561] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2561] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2561] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2561] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2561] mkdir("./file0", 0777) = 0 [pid 2561] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2561] ioctl(4, LOOP_CLR_FD) = 0 [pid 2561] close(4) = 0 [pid 2561] close(3) = 0 [pid 2561] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 0 [pid 2560] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2561] chdir("./file0") = 0 [pid 2561] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2561] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 1 [pid 2560] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2560] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2561] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2560] <... futex resumed>) = 1 [pid 2560] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2561] <... openat resumed>) = 3 [pid 2561] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 0 [pid 2560] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2561] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2561] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 1 [pid 2560] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2560] <... futex resumed>) = 1 [pid 2561] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2560] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2561] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2561] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2560] <... futex resumed>) = 0 [pid 2561] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] exit_group(0 [pid 2561] <... futex resumed>) = ? [pid 2561] +++ exited with 0 +++ [pid 2560] <... exit_group resumed>) = ? [pid 2560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2560, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./441/binderfs") = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2564 ./strace-static-x86_64: Process 2564 attached [pid 2564] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2564] chdir("./442") = 0 [pid 2564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2564] setpgid(0, 0) = 0 [pid 2564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2564] write(3, "1000", 4) = 4 [pid 2564] close(3) = 0 [pid 2564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2564] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2564] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2564] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2565], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2565 [pid 2564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2565 attached [pid 2565] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2565] memfd_create("syzkaller", 0) = 3 [pid 2565] ftruncate(3, 2097152) = 0 [pid 2565] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2565] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2565] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2565] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2565] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2565] mkdir("./file0", 0777) = 0 [pid 2565] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2565] ioctl(4, LOOP_CLR_FD) = 0 [pid 2565] close(4) = 0 [pid 2565] close(3) = 0 [pid 2565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] <... futex resumed>) = 0 [pid 2565] <... futex resumed>) = 1 [pid 2564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2565] chdir("./file0" [pid 2564] <... futex resumed>) = 0 [pid 2565] <... chdir resumed>) = 0 [pid 2564] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2565] <... futex resumed>) = 0 [pid 2564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2565] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2564] <... futex resumed>) = 0 [pid 2564] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2565] <... openat resumed>) = 3 [pid 2565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] <... futex resumed>) = 0 [pid 2565] <... futex resumed>) = 1 [pid 2564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2564] <... futex resumed>) = 0 [pid 2564] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2565] <... write resumed>) = 61 [pid 2564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2565] <... futex resumed>) = 0 [pid 2564] <... mprotect resumed>) = 0 [pid 2565] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2564] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2568], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2568 [pid 2564] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2568 attached [pid 2568] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2568] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2568] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] <... futex resumed>) = 0 [pid 2564] exit_group(0 [pid 2565] <... futex resumed>) = ? [pid 2564] <... exit_group resumed>) = ? [pid 2565] +++ exited with 0 +++ [pid 2568] <... futex resumed>) = ? [pid 2568] +++ exited with 0 +++ [pid 2564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2564, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./442/binderfs") = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2569 ./strace-static-x86_64: Process 2569 attached [pid 2569] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2569] chdir("./443") = 0 [pid 2569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2569] setpgid(0, 0) = 0 [pid 2569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2569] write(3, "1000", 4) = 4 [pid 2569] close(3) = 0 [pid 2569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2569] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2569] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2569] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2570], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2570 [pid 2569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2570 attached [pid 2570] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2570] memfd_create("syzkaller", 0) = 3 [pid 2570] ftruncate(3, 2097152) = 0 [pid 2570] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2570] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2570] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2570] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2570] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2570] mkdir("./file0", 0777) = 0 [pid 2570] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2570] ioctl(4, LOOP_CLR_FD) = 0 [pid 2570] close(4) = 0 [pid 2570] close(3) = 0 [pid 2570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2569] <... futex resumed>) = 0 [pid 2569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2570] chdir("./file0") = 0 [pid 2570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2569] <... futex resumed>) = 0 [pid 2569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2570] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2569] <... futex resumed>) = 0 [pid 2569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2569] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2569] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2569] <... clone resumed>, parent_tid=[2573], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2573 [pid 2570] <... write resumed>) = 61 [pid 2569] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2569] <... futex resumed>) = 0 [pid 2570] <... futex resumed>) = 0 [pid 2569] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2570] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2573 attached [pid 2573] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2573] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2573] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2569] <... futex resumed>) = 0 [pid 2569] exit_group(0 [pid 2570] <... futex resumed>) = ? [pid 2569] <... exit_group resumed>) = ? [pid 2570] +++ exited with 0 +++ [pid 2573] <... futex resumed>) = ? [pid 2573] +++ exited with 0 +++ [pid 2569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2569, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./443/binderfs") = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2574 ./strace-static-x86_64: Process 2574 attached [pid 2574] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2574] chdir("./444") = 0 [pid 2574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2574] setpgid(0, 0) = 0 [pid 2574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2574] write(3, "1000", 4) = 4 [pid 2574] close(3) = 0 [pid 2574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2574] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2574] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2574] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2575], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2575 [pid 2574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2575 attached [pid 2575] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2575] memfd_create("syzkaller", 0) = 3 [pid 2575] ftruncate(3, 2097152) = 0 [pid 2575] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2575] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2575] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2575] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2575] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2575] mkdir("./file0", 0777) = 0 [pid 2575] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2575] ioctl(4, LOOP_CLR_FD) = 0 [pid 2575] close(4) = 0 [pid 2575] close(3) = 0 [pid 2575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2575] chdir("./file0") = 0 [pid 2575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2575] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2574] <... futex resumed>) = 0 [pid 2574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2574] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2574] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2578], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2578 [pid 2574] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2574] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2578 attached [pid 2578] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2578] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2578] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2578] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2574] <... futex resumed>) = 0 [pid 2575] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2578] <... futex resumed>) = 1 [pid 2578] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2574] exit_group(0) = ? [pid 2575] <... futex resumed>) = ? [pid 2575] +++ exited with 0 +++ [pid 2578] <... futex resumed>) = ? [pid 2578] +++ exited with 0 +++ [pid 2574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2574, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./444/binderfs") = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2579 ./strace-static-x86_64: Process 2579 attached [pid 2579] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2579] chdir("./445") = 0 [pid 2579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2579] setpgid(0, 0) = 0 [pid 2579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2579] write(3, "1000", 4) = 4 [pid 2579] close(3) = 0 [pid 2579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2579] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2579] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2579] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2580], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2580 [pid 2579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2579] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2580 attached [pid 2580] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2580] memfd_create("syzkaller", 0) = 3 [pid 2580] ftruncate(3, 2097152) = 0 [pid 2580] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2580] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2580] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2580] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2580] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2580] mkdir("./file0", 0777) = 0 [pid 2580] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2580] ioctl(4, LOOP_CLR_FD) = 0 [pid 2580] close(4) = 0 [pid 2580] close(3) = 0 [pid 2580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2579] <... futex resumed>) = 0 [pid 2579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2580] chdir("./file0") = 0 [pid 2579] <... futex resumed>) = 0 [pid 2580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2579] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2580] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2579] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2580] <... futex resumed>) = 0 [pid 2580] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2579] <... futex resumed>) = 0 [pid 2579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2579] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2579] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2579] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2580] <... write resumed>) = 61 [pid 2580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2579] <... clone resumed>, parent_tid=[2583], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2583 ./strace-static-x86_64: Process 2583 attached [pid 2580] <... futex resumed>) = 0 [pid 2579] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2580] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2579] <... futex resumed>) = 0 [pid 2579] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2583] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2583] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2583] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2579] <... futex resumed>) = 0 [pid 2579] exit_group(0 [pid 2580] <... futex resumed>) = ? [pid 2579] <... exit_group resumed>) = ? [pid 2580] +++ exited with 0 +++ [pid 2583] <... futex resumed>) = ? [pid 2583] +++ exited with 0 +++ [pid 2579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2579, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./445/binderfs") = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2584 ./strace-static-x86_64: Process 2584 attached [pid 2584] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2584] chdir("./446") = 0 [pid 2584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2584] setpgid(0, 0) = 0 [pid 2584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2584] write(3, "1000", 4) = 4 [pid 2584] close(3) = 0 [pid 2584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2584] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2584] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2584] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2585], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2585 [pid 2584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2585 attached [pid 2585] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2585] memfd_create("syzkaller", 0) = 3 [pid 2585] ftruncate(3, 2097152) = 0 [pid 2585] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2585] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2585] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2585] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2585] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2585] mkdir("./file0", 0777) = 0 [pid 2585] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2585] ioctl(4, LOOP_CLR_FD) = 0 [pid 2585] close(4) = 0 [pid 2585] close(3) = 0 [pid 2585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2585] <... futex resumed>) = 1 [pid 2585] chdir("./file0") = 0 [pid 2585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2585] <... futex resumed>) = 1 [pid 2585] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2584] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2584] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2588], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2588 [pid 2584] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2584] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2585] <... futex resumed>) = 1 [pid 2585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2585] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2588 attached [pid 2588] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2588] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2588] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] <... futex resumed>) = 0 [pid 2584] exit_group(0 [pid 2585] <... futex resumed>) = ? [pid 2584] <... exit_group resumed>) = ? [pid 2585] +++ exited with 0 +++ [pid 2588] <... futex resumed>) = ? [pid 2588] +++ exited with 0 +++ [pid 2584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2584, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./446", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./446/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./446/binderfs") = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2589 ./strace-static-x86_64: Process 2589 attached [pid 2589] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2589] chdir("./447") = 0 [pid 2589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2589] setpgid(0, 0) = 0 [pid 2589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2589] write(3, "1000", 4) = 4 [pid 2589] close(3) = 0 [pid 2589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2589] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2589] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2589] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2590], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2590 ./strace-static-x86_64: Process 2590 attached [pid 2589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2590] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2590] memfd_create("syzkaller", 0) = 3 [pid 2590] ftruncate(3, 2097152) = 0 [pid 2590] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2590] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2590] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2590] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2590] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2590] mkdir("./file0", 0777) = 0 [pid 2590] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2590] ioctl(4, LOOP_CLR_FD) = 0 [pid 2590] close(4) = 0 [pid 2590] close(3) = 0 [pid 2590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] <... futex resumed>) = 0 [pid 2589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2590] <... futex resumed>) = 1 [pid 2590] chdir("./file0") = 0 [pid 2590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] <... futex resumed>) = 0 [pid 2589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2590] <... futex resumed>) = 1 [pid 2590] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] <... futex resumed>) = 0 [pid 2589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2589] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2589] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2593 attached , parent_tid=[2593], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2593 [pid 2589] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2593] set_robust_list(0x7f697cdce9e0, 24 [pid 2589] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2590] <... futex resumed>) = 1 [pid 2590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2593] <... set_robust_list resumed>) = 0 [pid 2590] <... write resumed>) = 61 [pid 2590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2593] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2593] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] <... futex resumed>) = 0 [pid 2589] exit_group(0) = ? [pid 2590] <... futex resumed>) = ? [pid 2590] +++ exited with 0 +++ [pid 2593] <... futex resumed>) = ? [pid 2593] +++ exited with 0 +++ [pid 2589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2589, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./447", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./447/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./447/binderfs") = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2594 ./strace-static-x86_64: Process 2594 attached [pid 2594] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2594] chdir("./448") = 0 [pid 2594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2594] setpgid(0, 0) = 0 [pid 2594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2594] write(3, "1000", 4) = 4 [pid 2594] close(3) = 0 [pid 2594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2594] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2594] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2594] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2595], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2595 [pid 2594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2595 attached [pid 2595] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2595] memfd_create("syzkaller", 0) = 3 [pid 2595] ftruncate(3, 2097152) = 0 [pid 2595] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2595] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2595] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2595] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2595] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2595] mkdir("./file0", 0777) = 0 [pid 2595] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2595] ioctl(4, LOOP_CLR_FD) = 0 [pid 2595] close(4) = 0 [pid 2595] close(3) = 0 [pid 2595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2595] <... futex resumed>) = 1 [pid 2595] chdir("./file0") = 0 [pid 2595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2595] <... futex resumed>) = 1 [pid 2595] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2594] <... futex resumed>) = 0 [pid 2594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2594] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2594] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2598], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2598 [pid 2594] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2594] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2595] <... futex resumed>) = 1 [pid 2595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2595] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2598 attached [pid 2598] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2598] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2598] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2594] <... futex resumed>) = 0 [pid 2594] exit_group(0 [pid 2595] <... futex resumed>) = ? [pid 2594] <... exit_group resumed>) = ? [pid 2598] <... futex resumed>) = ? [pid 2595] +++ exited with 0 +++ [pid 2598] +++ exited with 0 +++ [pid 2594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2594, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./448", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./448/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./448/binderfs") = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2599 ./strace-static-x86_64: Process 2599 attached [pid 2599] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2599] chdir("./449") = 0 [pid 2599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2599] setpgid(0, 0) = 0 [pid 2599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2599] write(3, "1000", 4) = 4 [pid 2599] close(3) = 0 [pid 2599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2599] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2599] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2599] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2600 attached , parent_tid=[2600], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2600 [pid 2600] set_robust_list(0x7f697cdef9e0, 24 [pid 2599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... set_robust_list resumed>) = 0 [pid 2599] <... futex resumed>) = 0 [pid 2599] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2600] memfd_create("syzkaller", 0) = 3 [pid 2600] ftruncate(3, 2097152) = 0 [pid 2600] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2600] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2600] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2600] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2600] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2600] mkdir("./file0", 0777) = 0 [pid 2600] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2600] ioctl(4, LOOP_CLR_FD) = 0 [pid 2600] close(4) = 0 [pid 2600] close(3) = 0 [pid 2600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2599] <... futex resumed>) = 0 [pid 2599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2599] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2600] <... futex resumed>) = 1 [pid 2600] chdir("./file0") = 0 [pid 2600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2599] <... futex resumed>) = 0 [pid 2599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2599] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2600] <... futex resumed>) = 1 [pid 2600] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2599] <... futex resumed>) = 0 [pid 2599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2599] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2599] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2599] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2603], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2603 [pid 2599] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2599] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2600] <... futex resumed>) = 1 [pid 2600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2603 attached [pid 2603] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2603] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2603] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2599] <... futex resumed>) = 0 [pid 2599] exit_group(0) = ? [pid 2603] <... futex resumed>) = ? [pid 2603] +++ exited with 0 +++ [pid 2600] <... futex resumed>) = ? [pid 2600] +++ exited with 0 +++ [pid 2599] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2599, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./449", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./449/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./449/binderfs") = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2604 ./strace-static-x86_64: Process 2604 attached [pid 2604] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2604] chdir("./450") = 0 [pid 2604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2604] setpgid(0, 0) = 0 [pid 2604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2604] write(3, "1000", 4) = 4 [pid 2604] close(3) = 0 [pid 2604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2604] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2604] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2604] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2605], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2605 [pid 2604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2605 attached [pid 2605] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2605] memfd_create("syzkaller", 0) = 3 [pid 2605] ftruncate(3, 2097152) = 0 [pid 2605] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2605] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2605] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2605] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2605] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2605] mkdir("./file0", 0777) = 0 [pid 2605] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2605] ioctl(4, LOOP_CLR_FD) = 0 [pid 2605] close(4) = 0 [pid 2605] close(3) = 0 [pid 2605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2604] <... futex resumed>) = 0 [pid 2604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] <... futex resumed>) = 1 [pid 2605] chdir("./file0") = 0 [pid 2605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2604] <... futex resumed>) = 0 [pid 2604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] <... futex resumed>) = 1 [pid 2605] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2604] <... futex resumed>) = 0 [pid 2604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2604] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2604] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2608], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2608 [pid 2604] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2605] <... futex resumed>) = 1 [pid 2605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2608 attached [pid 2608] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2608] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2608] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2604] <... futex resumed>) = 0 [pid 2604] exit_group(0 [pid 2605] <... futex resumed>) = ? [pid 2608] <... futex resumed>) = ? [pid 2604] <... exit_group resumed>) = ? [pid 2605] +++ exited with 0 +++ [pid 2608] +++ exited with 0 +++ [pid 2604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2604, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./450", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./450/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./450/binderfs") = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2609 ./strace-static-x86_64: Process 2609 attached [pid 2609] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2609] chdir("./451") = 0 [pid 2609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2609] setpgid(0, 0) = 0 [pid 2609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2609] write(3, "1000", 4) = 4 [pid 2609] close(3) = 0 [pid 2609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2609] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2609] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2609] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2610], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2610 [pid 2609] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2610 attached [pid 2610] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2610] memfd_create("syzkaller", 0) = 3 [pid 2610] ftruncate(3, 2097152) = 0 [pid 2610] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2610] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2610] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2610] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2610] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2610] mkdir("./file0", 0777) = 0 [pid 2610] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2610] ioctl(4, LOOP_CLR_FD) = 0 [pid 2610] close(4) = 0 [pid 2610] close(3) = 0 [pid 2610] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2610] <... futex resumed>) = 1 [pid 2610] chdir("./file0") = 0 [pid 2610] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2610] <... futex resumed>) = 1 [pid 2610] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2610] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2609] <... futex resumed>) = 0 [pid 2609] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2609] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2609] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2613], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2613 [pid 2609] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2609] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2610] <... futex resumed>) = 1 [pid 2610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2610] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2613 attached [pid 2613] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2613] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2613] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2609] <... futex resumed>) = 0 [pid 2609] exit_group(0) = ? [pid 2610] <... futex resumed>) = ? [pid 2610] +++ exited with 0 +++ [pid 2613] <... futex resumed>) = ? [pid 2613] +++ exited with 0 +++ [pid 2609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2609, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./451", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./451/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./451/binderfs") = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2614 ./strace-static-x86_64: Process 2614 attached [pid 2614] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2614] chdir("./452") = 0 [pid 2614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2614] setpgid(0, 0) = 0 [pid 2614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2614] write(3, "1000", 4) = 4 [pid 2614] close(3) = 0 [pid 2614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2614] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2614] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2614] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2615], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2615 [pid 2614] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2615 attached [pid 2615] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2615] memfd_create("syzkaller", 0) = 3 [pid 2615] ftruncate(3, 2097152) = 0 [pid 2615] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2615] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2615] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2615] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2615] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2615] mkdir("./file0", 0777) = 0 [pid 2615] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2615] ioctl(4, LOOP_CLR_FD) = 0 [pid 2615] close(4) = 0 [pid 2615] close(3) = 0 [pid 2615] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2614] <... futex resumed>) = 0 [pid 2614] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2615] <... futex resumed>) = 1 [pid 2615] chdir("./file0") = 0 [pid 2615] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2614] <... futex resumed>) = 0 [pid 2614] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2615] <... futex resumed>) = 1 [pid 2615] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2615] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2614] <... futex resumed>) = 0 [pid 2614] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2614] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2614] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2618], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2618 [pid 2614] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2614] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2615] <... futex resumed>) = 1 [pid 2615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2615] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2618 attached [pid 2618] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2618] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2618] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2614] <... futex resumed>) = 0 [pid 2618] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2614] exit_group(0) = ? [pid 2618] <... futex resumed>) = ? [pid 2615] <... futex resumed>) = ? [pid 2615] +++ exited with 0 +++ [pid 2618] +++ exited with 0 +++ [pid 2614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2614, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./452", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./452/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./452/binderfs") = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2619 ./strace-static-x86_64: Process 2619 attached [pid 2619] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2619] chdir("./453") = 0 [pid 2619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2619] setpgid(0, 0) = 0 [pid 2619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2619] write(3, "1000", 4) = 4 [pid 2619] close(3) = 0 [pid 2619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2619] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2619] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2619] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2620 attached , parent_tid=[2620], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2620 [pid 2620] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2620] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2619] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] <... futex resumed>) = 0 [pid 2619] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2620] memfd_create("syzkaller", 0) = 3 [pid 2620] ftruncate(3, 2097152) = 0 [pid 2620] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2620] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2620] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2620] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2620] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2620] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2620] mkdir("./file0", 0777) = 0 [pid 2620] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2620] ioctl(4, LOOP_CLR_FD) = 0 [pid 2620] close(4) = 0 [pid 2620] close(3) = 0 [pid 2620] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2619] <... futex resumed>) = 0 [pid 2620] chdir("./file0" [pid 2619] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2620] <... chdir resumed>) = 0 [pid 2619] <... futex resumed>) = 0 [pid 2620] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2620] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2619] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2619] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2619] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2620] <... futex resumed>) = 0 [pid 2620] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2620] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2619] <... futex resumed>) = 0 [pid 2619] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2619] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2620] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2619] <... futex resumed>) = 0 [pid 2620] <... write resumed>) = 61 [pid 2619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2620] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2619] <... mmap resumed>) = 0x7f697cdae000 [pid 2620] <... futex resumed>) = 0 [pid 2619] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2620] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2619] <... mprotect resumed>) = 0 [pid 2619] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2623 attached , parent_tid=[2623], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2623 [pid 2619] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2619] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2623] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2623] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2623] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2619] <... futex resumed>) = 0 [pid 2619] exit_group(0 [pid 2620] <... futex resumed>) = ? [pid 2619] <... exit_group resumed>) = ? [pid 2620] +++ exited with 0 +++ [pid 2623] <... futex resumed>) = ? [pid 2623] +++ exited with 0 +++ [pid 2619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2619, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./453", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./453/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./453/binderfs") = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2624 ./strace-static-x86_64: Process 2624 attached [pid 2624] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2624] chdir("./454") = 0 [pid 2624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2624] setpgid(0, 0) = 0 [pid 2624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2624] write(3, "1000", 4) = 4 [pid 2624] close(3) = 0 [pid 2624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2624] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2624] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2624] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2625], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2625 [pid 2624] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2625 attached [pid 2625] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2625] memfd_create("syzkaller", 0) = 3 [pid 2625] ftruncate(3, 2097152) = 0 [pid 2625] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2625] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2625] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2625] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2625] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2625] mkdir("./file0", 0777) = 0 [pid 2625] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2625] ioctl(4, LOOP_CLR_FD) = 0 [pid 2625] close(4) = 0 [pid 2625] close(3) = 0 [pid 2625] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2625] <... futex resumed>) = 1 [pid 2625] chdir("./file0") = 0 [pid 2625] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2625] <... futex resumed>) = 1 [pid 2625] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2625] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2624] <... futex resumed>) = 0 [pid 2624] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2624] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2624] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2628 attached [pid 2628] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2628] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2624] <... clone resumed>, parent_tid=[2628], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2628 [pid 2625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2624] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2628] <... futex resumed>) = 0 [pid 2624] <... futex resumed>) = 1 [pid 2628] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2624] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2628] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2628] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2624] <... futex resumed>) = 0 [pid 2628] <... futex resumed>) = 1 [pid 2628] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2625] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2625] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2624] exit_group(0) = ? [pid 2625] <... futex resumed>) = ? [pid 2625] +++ exited with 0 +++ [pid 2628] <... futex resumed>) = ? [pid 2628] +++ exited with 0 +++ [pid 2624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2624, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./454", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./454/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./454/binderfs") = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2629 ./strace-static-x86_64: Process 2629 attached [pid 2629] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2629] chdir("./455") = 0 [pid 2629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2629] setpgid(0, 0) = 0 [pid 2629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2629] write(3, "1000", 4) = 4 [pid 2629] close(3) = 0 [pid 2629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2629] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2629] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2629] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2630], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2630 [pid 2629] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2630 attached [pid 2630] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2630] memfd_create("syzkaller", 0) = 3 [pid 2630] ftruncate(3, 2097152) = 0 [pid 2630] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2630] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2630] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2630] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2630] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2630] mkdir("./file0", 0777) = 0 [pid 2630] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2630] ioctl(4, LOOP_CLR_FD) = 0 [pid 2630] close(4) = 0 [pid 2630] close(3) = 0 [pid 2630] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] <... futex resumed>) = 0 [pid 2629] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2630] <... futex resumed>) = 1 [pid 2630] chdir("./file0") = 0 [pid 2630] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] <... futex resumed>) = 0 [pid 2629] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2630] <... futex resumed>) = 1 [pid 2630] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2630] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] <... futex resumed>) = 0 [pid 2629] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2629] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2629] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2633], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2633 [pid 2629] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2630] <... futex resumed>) = 1 [pid 2630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2630] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2633 attached [pid 2633] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2633] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2633] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] <... futex resumed>) = 0 [pid 2633] <... futex resumed>) = 1 [pid 2629] exit_group(0 [pid 2630] <... futex resumed>) = ? [pid 2629] <... exit_group resumed>) = ? [pid 2630] +++ exited with 0 +++ [pid 2633] +++ exited with 0 +++ [pid 2629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2629, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./455", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./455/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./455/binderfs") = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2634 ./strace-static-x86_64: Process 2634 attached [pid 2634] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2634] chdir("./456") = 0 [pid 2634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2634] setpgid(0, 0) = 0 [pid 2634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2634] write(3, "1000", 4) = 4 [pid 2634] close(3) = 0 [pid 2634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2634] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2634] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2634] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2635], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2635 [pid 2634] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2635 attached [pid 2635] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2635] memfd_create("syzkaller", 0) = 3 [pid 2635] ftruncate(3, 2097152) = 0 [pid 2635] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2635] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2635] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2635] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2635] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2635] mkdir("./file0", 0777) = 0 [pid 2635] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2635] ioctl(4, LOOP_CLR_FD) = 0 [pid 2635] close(4) = 0 [pid 2635] close(3) = 0 [pid 2635] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2634] <... futex resumed>) = 0 [pid 2634] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] chdir("./file0") = 0 [pid 2635] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2634] <... futex resumed>) = 0 [pid 2634] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2635] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2634] <... futex resumed>) = 0 [pid 2634] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2634] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2634] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2638], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2638 [pid 2634] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2634] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2635] <... futex resumed>) = 1 [pid 2635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2635] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2635] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2638 attached [pid 2638] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2638] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2638] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2634] <... futex resumed>) = 0 [pid 2634] exit_group(0 [pid 2635] <... futex resumed>) = ? [pid 2634] <... exit_group resumed>) = ? [pid 2635] +++ exited with 0 +++ [pid 2638] <... futex resumed>) = ? [pid 2638] +++ exited with 0 +++ [pid 2634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2634, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./456", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./456/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./456/binderfs") = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2639 ./strace-static-x86_64: Process 2639 attached [pid 2639] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2639] chdir("./457") = 0 [pid 2639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2639] setpgid(0, 0) = 0 [pid 2639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2639] write(3, "1000", 4) = 4 [pid 2639] close(3) = 0 [pid 2639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2639] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2639] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2639] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2640], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2640 [pid 2639] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2639] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2640 attached [pid 2640] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2640] memfd_create("syzkaller", 0) = 3 [pid 2640] ftruncate(3, 2097152) = 0 [pid 2640] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2640] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2640] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2640] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2640] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2640] mkdir("./file0", 0777) = 0 [pid 2640] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2640] ioctl(4, LOOP_CLR_FD) = 0 [pid 2640] close(4) = 0 [pid 2640] close(3) = 0 [pid 2640] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2639] <... futex resumed>) = 0 [pid 2640] <... futex resumed>) = 1 [pid 2639] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2640] chdir("./file0" [pid 2639] <... futex resumed>) = 0 [pid 2640] <... chdir resumed>) = 0 [pid 2639] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2640] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2639] <... futex resumed>) = 0 [pid 2639] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2640] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2639] <... futex resumed>) = 0 [pid 2639] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2640] <... openat resumed>) = 3 [pid 2640] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2639] <... futex resumed>) = 0 [pid 2639] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2639] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2639] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2639] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2643], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2643 [pid 2639] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2639] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2640] <... futex resumed>) = 1 [pid 2640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2640] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2643 attached [pid 2643] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2643] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2643] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2639] <... futex resumed>) = 0 [pid 2639] exit_group(0 [pid 2640] <... futex resumed>) = ? [pid 2639] <... exit_group resumed>) = ? [pid 2643] <... futex resumed>) = ? [pid 2640] +++ exited with 0 +++ [pid 2643] +++ exited with 0 +++ [pid 2639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2639, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./457/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./457/binderfs") = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2644 ./strace-static-x86_64: Process 2644 attached [pid 2644] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2644] chdir("./458") = 0 [pid 2644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2644] setpgid(0, 0) = 0 [pid 2644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2644] write(3, "1000", 4) = 4 [pid 2644] close(3) = 0 [pid 2644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2644] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2644] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2644] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2645], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2645 [pid 2644] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2644] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2645 attached [pid 2645] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2645] memfd_create("syzkaller", 0) = 3 [pid 2645] ftruncate(3, 2097152) = 0 [pid 2645] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2645] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2645] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2645] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2645] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2645] mkdir("./file0", 0777) = 0 [pid 2645] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2645] ioctl(4, LOOP_CLR_FD) = 0 [pid 2645] close(4) = 0 [pid 2645] close(3) = 0 [pid 2645] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2644] <... futex resumed>) = 0 [pid 2645] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2644] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2644] <... futex resumed>) = 0 [pid 2645] chdir("./file0" [pid 2644] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... chdir resumed>) = 0 [pid 2645] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2644] <... futex resumed>) = 0 [pid 2645] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2644] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... futex resumed>) = 0 [pid 2644] <... futex resumed>) = 1 [pid 2645] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2644] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... openat resumed>) = 3 [pid 2645] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2644] <... futex resumed>) = 0 [pid 2645] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2644] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2644] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2645] <... futex resumed>) = 0 [pid 2644] <... mmap resumed>) = 0x7f697cdae000 [pid 2645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2644] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2645] <... write resumed>) = 61 [pid 2644] <... mprotect resumed>) = 0 [pid 2645] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2644] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2645] <... futex resumed>) = 0 [pid 2645] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2644] <... clone resumed>, parent_tid=[2648], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2648 [pid 2644] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2644] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2648 attached [pid 2648] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2648] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2648] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2644] <... futex resumed>) = 0 [pid 2644] exit_group(0 [pid 2645] <... futex resumed>) = ? [pid 2644] <... exit_group resumed>) = ? [pid 2645] +++ exited with 0 +++ [pid 2648] +++ exited with 0 +++ [pid 2644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2644, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./458", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./458/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./458/binderfs") = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2649 ./strace-static-x86_64: Process 2649 attached [pid 2649] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2649] chdir("./459") = 0 [pid 2649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2649] setpgid(0, 0) = 0 [pid 2649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2649] write(3, "1000", 4) = 4 [pid 2649] close(3) = 0 [pid 2649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2649] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2649] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2649] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2650], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2650 [pid 2649] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2650 attached [pid 2650] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2650] memfd_create("syzkaller", 0) = 3 [pid 2650] ftruncate(3, 2097152) = 0 [pid 2650] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2650] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2650] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2650] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2650] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2650] mkdir("./file0", 0777) = 0 [pid 2650] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2650] ioctl(4, LOOP_CLR_FD) = 0 [pid 2650] close(4) = 0 [pid 2650] close(3) = 0 [pid 2650] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2650] chdir("./file0" [pid 2649] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2650] <... chdir resumed>) = 0 [pid 2650] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2650] <... futex resumed>) = 1 [pid 2650] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2650] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2649] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2649] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2653], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2653 [pid 2649] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2649] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2650] <... futex resumed>) = 1 [pid 2650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2650] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2650] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2653 attached [pid 2653] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2653] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2653] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2649] <... futex resumed>) = 0 [pid 2649] exit_group(0) = ? [pid 2650] <... futex resumed>) = ? [pid 2650] +++ exited with 0 +++ [pid 2653] <... futex resumed>) = ? [pid 2653] +++ exited with 0 +++ [pid 2649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2649, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./459", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./459/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./459/binderfs") = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2654 ./strace-static-x86_64: Process 2654 attached [pid 2654] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2654] chdir("./460") = 0 [pid 2654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2654] setpgid(0, 0) = 0 [pid 2654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2654] write(3, "1000", 4) = 4 [pid 2654] close(3) = 0 [pid 2654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2654] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2654] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2654] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2655 attached [pid 2655] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2655] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2654] <... clone resumed>, parent_tid=[2655], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2655 [pid 2654] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2655] memfd_create("syzkaller", 0 [pid 2654] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2655] <... memfd_create resumed>) = 3 [pid 2655] ftruncate(3, 2097152) = 0 [pid 2655] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2655] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2655] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2655] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2655] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2655] mkdir("./file0", 0777) = 0 [pid 2655] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2655] ioctl(4, LOOP_CLR_FD) = 0 [pid 2655] close(4) = 0 [pid 2655] close(3) = 0 [pid 2655] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2654] <... futex resumed>) = 0 [pid 2655] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2654] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] chdir("./file0") = 0 [pid 2654] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2655] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2654] <... futex resumed>) = 0 [pid 2654] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2655] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2654] <... futex resumed>) = 0 [pid 2654] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2655] <... openat resumed>) = 3 [pid 2655] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2654] <... futex resumed>) = 0 [pid 2655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2654] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] <... write resumed>) = 61 [pid 2654] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2655] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2654] <... futex resumed>) = 0 [pid 2654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2654] <... mmap resumed>) = 0x7f697cdae000 [pid 2654] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2654] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2658 attached , parent_tid=[2658], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2658 [pid 2658] set_robust_list(0x7f697cdce9e0, 24 [pid 2654] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2658] <... set_robust_list resumed>) = 0 [pid 2654] <... futex resumed>) = 0 [pid 2654] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2658] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2658] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2654] <... futex resumed>) = 0 [pid 2658] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2654] exit_group(0) = ? [pid 2658] <... futex resumed>) = 231 [pid 2655] <... futex resumed>) = ? [pid 2658] +++ exited with 0 +++ [pid 2655] +++ exited with 0 +++ [pid 2654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2654, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./460", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./460/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./460/binderfs") = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2659 ./strace-static-x86_64: Process 2659 attached [pid 2659] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2659] chdir("./461") = 0 [pid 2659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2659] setpgid(0, 0) = 0 [pid 2659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2659] write(3, "1000", 4) = 4 [pid 2659] close(3) = 0 [pid 2659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2659] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2659] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2659] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2660], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2660 [pid 2659] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2659] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2660 attached [pid 2660] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2660] memfd_create("syzkaller", 0) = 3 [pid 2660] ftruncate(3, 2097152) = 0 [pid 2660] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2660] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2660] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2660] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2660] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2660] mkdir("./file0", 0777) = 0 [pid 2660] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2660] ioctl(4, LOOP_CLR_FD) = 0 [pid 2660] close(4) = 0 [pid 2660] close(3) = 0 [pid 2660] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2659] <... futex resumed>) = 0 [pid 2660] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2659] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2660] chdir("./file0" [pid 2659] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2660] <... chdir resumed>) = 0 [pid 2660] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2659] <... futex resumed>) = 0 [pid 2660] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2659] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2659] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2660] <... futex resumed>) = 0 [pid 2660] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2660] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2659] <... futex resumed>) = 0 [pid 2659] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2659] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2659] <... futex resumed>) = 0 [pid 2660] <... write resumed>) = 61 [pid 2659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2660] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2659] <... mmap resumed>) = 0x7f697cdae000 [pid 2660] <... futex resumed>) = 0 [pid 2659] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2660] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2659] <... mprotect resumed>) = 0 [pid 2659] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2663], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2663 [pid 2659] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2659] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2663 attached [pid 2663] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2663] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2663] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2659] <... futex resumed>) = 0 [pid 2659] exit_group(0 [pid 2660] <... futex resumed>) = ? [pid 2659] <... exit_group resumed>) = ? [pid 2660] +++ exited with 0 +++ [pid 2663] <... futex resumed>) = ? [pid 2663] +++ exited with 0 +++ [pid 2659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2659, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./461", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./461/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./461/binderfs") = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2664 ./strace-static-x86_64: Process 2664 attached [pid 2664] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2664] chdir("./462") = 0 [pid 2664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2664] setpgid(0, 0) = 0 [pid 2664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2664] write(3, "1000", 4) = 4 [pid 2664] close(3) = 0 [pid 2664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2664] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2664] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2664] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2665], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2665 [pid 2664] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2665 attached [pid 2665] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2665] memfd_create("syzkaller", 0) = 3 [pid 2665] ftruncate(3, 2097152) = 0 [pid 2665] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2665] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2665] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2665] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2665] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2665] mkdir("./file0", 0777) = 0 [pid 2665] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2665] ioctl(4, LOOP_CLR_FD) = 0 [pid 2665] close(4) = 0 [pid 2665] close(3) = 0 [pid 2665] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2664] <... futex resumed>) = 0 [pid 2664] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2665] <... futex resumed>) = 1 [pid 2665] chdir("./file0") = 0 [pid 2665] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2664] <... futex resumed>) = 0 [pid 2664] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2665] <... futex resumed>) = 1 [pid 2665] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2665] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2664] <... futex resumed>) = 0 [pid 2664] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2664] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2664] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2668], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2668 [pid 2664] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2665] <... futex resumed>) = 1 [pid 2665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2665] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2668 attached [pid 2668] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2668] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2668] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2664] <... futex resumed>) = 0 [pid 2664] exit_group(0 [pid 2665] <... futex resumed>) = ? [pid 2664] <... exit_group resumed>) = ? [pid 2665] +++ exited with 0 +++ [pid 2668] <... futex resumed>) = ? [pid 2668] +++ exited with 0 +++ [pid 2664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2664, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./462", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./462/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./462/binderfs") = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2669 ./strace-static-x86_64: Process 2669 attached [pid 2669] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2669] chdir("./463") = 0 [pid 2669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2669] setpgid(0, 0) = 0 [pid 2669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2669] write(3, "1000", 4) = 4 [pid 2669] close(3) = 0 [pid 2669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2669] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2669] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2669] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2670], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2670 [pid 2669] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2670 attached [pid 2670] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2670] memfd_create("syzkaller", 0) = 3 [pid 2670] ftruncate(3, 2097152) = 0 [pid 2670] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2670] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2670] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2670] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2670] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2670] mkdir("./file0", 0777) = 0 [pid 2670] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2670] ioctl(4, LOOP_CLR_FD) = 0 [pid 2670] close(4) = 0 [pid 2670] close(3) = 0 [pid 2670] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2670] <... futex resumed>) = 1 [pid 2670] chdir("./file0") = 0 [pid 2670] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2670] <... futex resumed>) = 1 [pid 2670] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2670] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2669] <... futex resumed>) = 0 [pid 2669] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2669] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2669] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2673 attached , parent_tid=[2673], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2673 [pid 2669] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2669] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2670] <... futex resumed>) = 1 [pid 2673] set_robust_list(0x7f697cdce9e0, 24 [pid 2670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2673] <... set_robust_list resumed>) = 0 [pid 2673] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2670] <... write resumed>) = 61 [pid 2673] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2673] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2669] <... futex resumed>) = 0 [pid 2673] <... futex resumed>) = 1 [pid 2673] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2670] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2670] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2669] exit_group(0) = ? [pid 2673] <... futex resumed>) = ? [pid 2673] +++ exited with 0 +++ [pid 2670] <... futex resumed>) = ? [pid 2670] +++ exited with 0 +++ [pid 2669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2669, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./463", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./463/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./463/binderfs") = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2674 ./strace-static-x86_64: Process 2674 attached [pid 2674] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2674] chdir("./464") = 0 [pid 2674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2674] setpgid(0, 0) = 0 [pid 2674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2674] write(3, "1000", 4) = 4 [pid 2674] close(3) = 0 [pid 2674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2674] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2674] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2674] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2675], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2675 [pid 2674] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2675 attached [pid 2675] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2675] memfd_create("syzkaller", 0) = 3 [pid 2675] ftruncate(3, 2097152) = 0 [pid 2675] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2675] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2675] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2675] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2675] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2675] mkdir("./file0", 0777) = 0 [pid 2675] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2675] ioctl(4, LOOP_CLR_FD) = 0 [pid 2675] close(4) = 0 [pid 2675] close(3) = 0 [pid 2675] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2674] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2675] chdir("./file0") = 0 [pid 2675] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2675] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2674] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2675] <... openat resumed>) = 3 [pid 2675] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2674] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] <... write resumed>) = 61 [pid 2674] <... futex resumed>) = 0 [pid 2675] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2674] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] <... futex resumed>) = 0 [pid 2674] <... futex resumed>) = 0 [pid 2675] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2674] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2674] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2678], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2678 [pid 2674] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2678 attached [pid 2678] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2678] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2678] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2674] exit_group(0 [pid 2675] <... futex resumed>) = ? [pid 2674] <... exit_group resumed>) = ? [pid 2675] +++ exited with 0 +++ [pid 2678] +++ exited with 0 +++ [pid 2674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2674, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./464/binderfs") = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2679 ./strace-static-x86_64: Process 2679 attached [pid 2679] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2679] chdir("./465") = 0 [pid 2679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2679] setpgid(0, 0) = 0 [pid 2679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2679] write(3, "1000", 4) = 4 [pid 2679] close(3) = 0 [pid 2679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2679] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2679] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2679] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2680], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2680 [pid 2679] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2680 attached [pid 2680] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2680] memfd_create("syzkaller", 0) = 3 [pid 2680] ftruncate(3, 2097152) = 0 [pid 2680] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2680] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2680] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2680] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2680] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2680] mkdir("./file0", 0777) = 0 [pid 2680] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2680] ioctl(4, LOOP_CLR_FD) = 0 [pid 2680] close(4) = 0 [pid 2680] close(3) = 0 [pid 2680] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] <... futex resumed>) = 1 [pid 2680] chdir("./file0") = 0 [pid 2680] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] <... futex resumed>) = 1 [pid 2680] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2680] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2679] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2679] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2683], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2683 [pid 2679] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] <... futex resumed>) = 1 [pid 2680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2680] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2680] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2683 attached [pid 2683] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2683] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2683] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2679] <... futex resumed>) = 0 [pid 2679] exit_group(0 [pid 2680] <... futex resumed>) = ? [pid 2679] <... exit_group resumed>) = ? [pid 2683] +++ exited with 0 +++ [pid 2680] +++ exited with 0 +++ [pid 2679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2679, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./465/binderfs") = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2684 ./strace-static-x86_64: Process 2684 attached [pid 2684] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2684] chdir("./466") = 0 [pid 2684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2684] setpgid(0, 0) = 0 [pid 2684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2684] write(3, "1000", 4) = 4 [pid 2684] close(3) = 0 [pid 2684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2684] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2684] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2684] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2685 attached [pid 2685] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... clone resumed>, parent_tid=[2685], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2685 [pid 2684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2685] memfd_create("syzkaller", 0) = 3 [pid 2685] ftruncate(3, 2097152) = 0 [pid 2685] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2685] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2685] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2685] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2685] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2685] ioctl(4, LOOP_SET_FD, 3 [pid 2684] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2685] <... ioctl resumed>) = 0 [pid 2685] mkdir("./file0", 0777) = 0 [pid 2685] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2685] ioctl(4, LOOP_CLR_FD) = 0 [pid 2685] close(4) = 0 [pid 2685] close(3) = 0 [pid 2685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] <... futex resumed>) = 0 [pid 2685] chdir("./file0") = 0 [pid 2685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... futex resumed>) = 1 [pid 2684] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] <... futex resumed>) = 0 [pid 2685] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2684] <... futex resumed>) = 1 [pid 2684] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2685] <... openat resumed>) = 3 [pid 2685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] <... futex resumed>) = 0 [pid 2685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... futex resumed>) = 1 [pid 2684] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] <... futex resumed>) = 0 [pid 2685] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2685] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... futex resumed>) = 1 [pid 2684] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2684] exit_group(0 [pid 2685] <... futex resumed>) = ? [pid 2685] +++ exited with 0 +++ [pid 2684] <... exit_group resumed>) = ? [pid 2684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2684, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./466/binderfs") = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2688 ./strace-static-x86_64: Process 2688 attached [pid 2688] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2688] chdir("./467") = 0 [pid 2688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2688] setpgid(0, 0) = 0 [pid 2688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2688] write(3, "1000", 4) = 4 [pid 2688] close(3) = 0 [pid 2688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2688] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2688] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2688] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2689], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2689 [pid 2688] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2689 attached [pid 2689] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2689] memfd_create("syzkaller", 0) = 3 [pid 2689] ftruncate(3, 2097152) = 0 [pid 2689] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2689] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2689] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2689] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2689] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2689] mkdir("./file0", 0777) = 0 [pid 2689] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2689] ioctl(4, LOOP_CLR_FD) = 0 [pid 2689] close(4) = 0 [pid 2689] close(3) = 0 [pid 2689] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2688] <... futex resumed>) = 0 [pid 2688] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2689] <... futex resumed>) = 0 [pid 2688] <... futex resumed>) = 1 [pid 2689] chdir("./file0" [pid 2688] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2689] <... chdir resumed>) = 0 [pid 2689] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2688] <... futex resumed>) = 0 [pid 2689] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2688] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2689] <... openat resumed>) = 3 [pid 2689] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2688] <... futex resumed>) = 0 [pid 2688] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2688] <... futex resumed>) = 0 [pid 2689] <... write resumed>) = 61 [pid 2688] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2689] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2688] <... futex resumed>) = 0 [pid 2689] <... futex resumed>) = 0 [pid 2688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2689] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2688] <... mmap resumed>) = 0x7f697cdae000 [pid 2688] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2688] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2692 attached , parent_tid=[2692], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2692 [pid 2688] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2688] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2692] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2692] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2692] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2688] <... futex resumed>) = 0 [pid 2688] exit_group(0) = ? [pid 2689] <... futex resumed>) = ? [pid 2689] +++ exited with 0 +++ [pid 2692] <... futex resumed>) = ? [pid 2692] +++ exited with 0 +++ [pid 2688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2688, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./467/binderfs") = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2693 ./strace-static-x86_64: Process 2693 attached [pid 2693] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2693] chdir("./468") = 0 [pid 2693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2693] setpgid(0, 0) = 0 [pid 2693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2693] write(3, "1000", 4) = 4 [pid 2693] close(3) = 0 [pid 2693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2693] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2693] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2693] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2694], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2694 [pid 2693] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2694 attached [pid 2694] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2694] memfd_create("syzkaller", 0) = 3 [pid 2694] ftruncate(3, 2097152) = 0 [pid 2694] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2694] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2694] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2694] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2694] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2694] mkdir("./file0", 0777) = 0 [pid 2694] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2694] ioctl(4, LOOP_CLR_FD) = 0 [pid 2694] close(4) = 0 [pid 2694] close(3) = 0 [pid 2694] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2693] <... futex resumed>) = 0 [pid 2693] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2694] <... futex resumed>) = 1 [pid 2694] chdir("./file0") = 0 [pid 2694] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2693] <... futex resumed>) = 0 [pid 2693] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2694] <... futex resumed>) = 1 [pid 2694] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2694] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2693] <... futex resumed>) = 0 [pid 2693] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2693] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2693] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2697], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2697 [pid 2693] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2693] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2694] <... futex resumed>) = 1 [pid 2694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2694] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2697 attached [pid 2697] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2697] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2697] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2693] <... futex resumed>) = 0 [pid 2693] exit_group(0 [pid 2694] <... futex resumed>) = ? [pid 2693] <... exit_group resumed>) = ? [pid 2694] +++ exited with 0 +++ [pid 2697] <... futex resumed>) = ? [pid 2697] +++ exited with 0 +++ [pid 2693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2693, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./468/binderfs") = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./468") = 0 mkdir("./469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2698 ./strace-static-x86_64: Process 2698 attached [pid 2698] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2698] chdir("./469") = 0 [pid 2698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2698] setpgid(0, 0) = 0 [pid 2698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2698] write(3, "1000", 4) = 4 [pid 2698] close(3) = 0 [pid 2698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2698] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2698] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2698] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2699], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2699 [pid 2698] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2699 attached [pid 2699] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2699] memfd_create("syzkaller", 0) = 3 [pid 2699] ftruncate(3, 2097152) = 0 [pid 2699] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2699] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2699] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2699] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2699] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2699] mkdir("./file0", 0777) = 0 [pid 2699] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2699] ioctl(4, LOOP_CLR_FD) = 0 [pid 2699] close(4) = 0 [pid 2699] close(3) = 0 [pid 2699] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2698] <... futex resumed>) = 0 [pid 2698] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2699] chdir("./file0") = 0 [pid 2699] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2698] <... futex resumed>) = 0 [pid 2698] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2699] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2699] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2698] <... futex resumed>) = 0 [pid 2698] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2698] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2698] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2702], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2702 [pid 2698] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2698] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 2702 attached ) = 61 [pid 2702] set_robust_list(0x7f697cdce9e0, 24 [pid 2699] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2702] <... set_robust_list resumed>) = 0 [pid 2699] <... futex resumed>) = 0 [pid 2702] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2699] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2702] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2702] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2698] <... futex resumed>) = 0 [pid 2698] exit_group(0) = ? [pid 2699] <... futex resumed>) = ? [pid 2699] +++ exited with 0 +++ [pid 2702] +++ exited with 0 +++ [pid 2698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2698, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./469/binderfs") = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2703 ./strace-static-x86_64: Process 2703 attached [pid 2703] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2703] chdir("./470") = 0 [pid 2703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2703] setpgid(0, 0) = 0 [pid 2703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2703] write(3, "1000", 4) = 4 [pid 2703] close(3) = 0 [pid 2703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2703] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2703] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2703] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2704], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2704 [pid 2703] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2704 attached [pid 2704] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2704] memfd_create("syzkaller", 0) = 3 [pid 2704] ftruncate(3, 2097152) = 0 [pid 2704] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2704] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2704] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2704] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2704] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2704] mkdir("./file0", 0777) = 0 [pid 2704] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2704] ioctl(4, LOOP_CLR_FD) = 0 [pid 2704] close(4) = 0 [pid 2704] close(3) = 0 [pid 2704] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2703] <... futex resumed>) = 0 [pid 2703] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] chdir("./file0") = 0 [pid 2704] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2703] <... futex resumed>) = 0 [pid 2703] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] <... futex resumed>) = 1 [pid 2704] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2704] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2703] <... futex resumed>) = 0 [pid 2703] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2703] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2703] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2707], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2707 [pid 2703] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2703] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] <... futex resumed>) = 1 [pid 2704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2704] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2704] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2707 attached [pid 2707] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2707] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2707] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2703] <... futex resumed>) = 0 [pid 2703] exit_group(0) = ? [pid 2704] <... futex resumed>) = ? [pid 2704] +++ exited with 0 +++ [pid 2707] +++ exited with 0 +++ [pid 2703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2703, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./470/binderfs") = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2708 ./strace-static-x86_64: Process 2708 attached [pid 2708] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2708] chdir("./471") = 0 [pid 2708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2708] setpgid(0, 0) = 0 [pid 2708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2708] write(3, "1000", 4) = 4 [pid 2708] close(3) = 0 [pid 2708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2708] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2708] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2708] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2709], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2709 [pid 2708] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2708] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2709 attached [pid 2709] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2709] memfd_create("syzkaller", 0) = 3 [pid 2709] ftruncate(3, 2097152) = 0 [pid 2709] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2709] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2709] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2709] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2709] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2709] mkdir("./file0", 0777) = 0 [pid 2709] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2709] ioctl(4, LOOP_CLR_FD) = 0 [pid 2709] close(4) = 0 [pid 2709] close(3) = 0 [pid 2709] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2708] <... futex resumed>) = 0 [pid 2709] chdir("./file0" [pid 2708] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2709] <... chdir resumed>) = 0 [pid 2708] <... futex resumed>) = 0 [pid 2709] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2709] <... futex resumed>) = 0 [pid 2708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2709] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2708] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2708] <... futex resumed>) = 0 [pid 2709] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2708] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2709] <... openat resumed>) = 3 [pid 2709] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2708] <... futex resumed>) = 0 [pid 2709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2708] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2709] <... write resumed>) = 61 [pid 2708] <... futex resumed>) = 0 [pid 2709] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2709] <... futex resumed>) = 0 [pid 2708] <... futex resumed>) = 0 [pid 2709] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2708] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2709] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2709] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2708] <... futex resumed>) = 0 [pid 2709] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2708] exit_group(0 [pid 2709] <... futex resumed>) = ? [pid 2708] <... exit_group resumed>) = ? [pid 2709] +++ exited with 0 +++ [pid 2708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2708, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./471/binderfs") = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2712 ./strace-static-x86_64: Process 2712 attached [pid 2712] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2712] chdir("./472") = 0 [pid 2712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2712] setpgid(0, 0) = 0 [pid 2712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2712] write(3, "1000", 4) = 4 [pid 2712] close(3) = 0 [pid 2712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2712] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2712] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2712] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2713], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2713 [pid 2712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2713 attached [pid 2713] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2713] memfd_create("syzkaller", 0) = 3 [pid 2713] ftruncate(3, 2097152) = 0 [pid 2713] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2713] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2713] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2713] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2713] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2713] mkdir("./file0", 0777) = 0 [pid 2713] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2713] ioctl(4, LOOP_CLR_FD) = 0 [pid 2713] close(4) = 0 [pid 2713] close(3) = 0 [pid 2713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2712] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 1 [pid 2713] chdir("./file0" [pid 2712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2713] <... chdir resumed>) = 0 [pid 2713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2712] <... futex resumed>) = 0 [pid 2712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2713] <... futex resumed>) = 1 [pid 2713] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2712] <... futex resumed>) = 0 [pid 2712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2712] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2712] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2716], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2716 [pid 2712] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2712] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2716 attached [pid 2713] <... futex resumed>) = 1 [pid 2716] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2716] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2716] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2712] <... futex resumed>) = 0 [pid 2716] <... futex resumed>) = 1 [pid 2716] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = -1 ENOSPC (No space left on device) [pid 2713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2712] exit_group(0) = ? [pid 2716] <... futex resumed>) = ? [pid 2716] +++ exited with 0 +++ [pid 2713] <... futex resumed>) = ? [pid 2713] +++ exited with 0 +++ [pid 2712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2712, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./472/binderfs") = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2717 ./strace-static-x86_64: Process 2717 attached [pid 2717] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2717] chdir("./473") = 0 [pid 2717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2717] setpgid(0, 0) = 0 [pid 2717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2717] write(3, "1000", 4) = 4 [pid 2717] close(3) = 0 [pid 2717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2717] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2717] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2717] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2718], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2718 [pid 2717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2717] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2718 attached [pid 2718] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2718] memfd_create("syzkaller", 0) = 3 [pid 2718] ftruncate(3, 2097152) = 0 [pid 2718] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2718] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2718] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2718] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2718] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2718] mkdir("./file0", 0777) = 0 [pid 2718] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2718] ioctl(4, LOOP_CLR_FD) = 0 [pid 2718] close(4) = 0 [pid 2718] close(3) = 0 [pid 2718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2718] chdir("./file0" [pid 2717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... chdir resumed>) = 0 [pid 2717] <... futex resumed>) = 0 [pid 2717] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2718] <... futex resumed>) = 0 [pid 2717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2717] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2718] <... openat resumed>) = 3 [pid 2718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... write resumed>) = 61 [pid 2717] <... futex resumed>) = 0 [pid 2718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... futex resumed>) = 0 [pid 2717] <... futex resumed>) = 0 [pid 2718] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2717] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2717] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2721], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2721 [pid 2717] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2717] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2721 attached [pid 2721] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2721] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2721] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2721] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2717] <... futex resumed>) = 0 [pid 2717] exit_group(0) = ? [pid 2721] <... futex resumed>) = ? [pid 2718] <... futex resumed>) = ? [pid 2718] +++ exited with 0 +++ [pid 2721] +++ exited with 0 +++ [pid 2717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2717, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./473/binderfs") = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./473/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2722 ./strace-static-x86_64: Process 2722 attached [pid 2722] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2722] chdir("./474") = 0 [pid 2722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2722] setpgid(0, 0) = 0 [pid 2722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2722] write(3, "1000", 4) = 4 [pid 2722] close(3) = 0 [pid 2722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2722] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2722] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2722] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2723], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2723 [pid 2722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2723 attached [pid 2723] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2723] memfd_create("syzkaller", 0) = 3 [pid 2723] ftruncate(3, 2097152) = 0 [pid 2723] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2723] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2723] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2723] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2723] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2723] mkdir("./file0", 0777) = 0 [pid 2723] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2723] ioctl(4, LOOP_CLR_FD) = 0 [pid 2723] close(4) = 0 [pid 2723] close(3) = 0 [pid 2723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2722] <... futex resumed>) = 0 [pid 2722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2723] <... futex resumed>) = 1 [pid 2723] chdir("./file0") = 0 [pid 2723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2722] <... futex resumed>) = 0 [pid 2722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2723] <... futex resumed>) = 1 [pid 2723] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2722] <... futex resumed>) = 0 [pid 2722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2722] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2722] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2722] <... clone resumed>, parent_tid=[2726], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2726 [pid 2722] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2722] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2726 attached [pid 2726] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2726] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2726] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2722] <... futex resumed>) = 0 [pid 2722] exit_group(0) = ? [pid 2723] <... futex resumed>) = ? [pid 2723] +++ exited with 0 +++ [pid 2726] <... futex resumed>) = ? [pid 2726] +++ exited with 0 +++ [pid 2722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2722, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./474/binderfs") = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2727 ./strace-static-x86_64: Process 2727 attached [pid 2727] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2727] chdir("./475") = 0 [pid 2727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2727] setpgid(0, 0) = 0 [pid 2727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2727] write(3, "1000", 4) = 4 [pid 2727] close(3) = 0 [pid 2727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2727] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2727] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2727] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2728], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2728 [pid 2727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2728 attached [pid 2728] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2728] memfd_create("syzkaller", 0) = 3 [pid 2728] ftruncate(3, 2097152) = 0 [pid 2728] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2728] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2728] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2728] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2728] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2728] mkdir("./file0", 0777) = 0 [pid 2728] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2728] ioctl(4, LOOP_CLR_FD) = 0 [pid 2728] close(4) = 0 [pid 2728] close(3) = 0 [pid 2728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2727] <... futex resumed>) = 0 [pid 2727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2728] <... futex resumed>) = 1 [pid 2728] chdir("./file0") = 0 [pid 2728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2727] <... futex resumed>) = 0 [pid 2727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2728] <... futex resumed>) = 1 [pid 2728] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2727] <... futex resumed>) = 0 [pid 2727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2727] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2727] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2731], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2731 [pid 2727] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2727] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2728] <... futex resumed>) = 1 [pid 2728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 2731 attached [pid 2731] set_robust_list(0x7f697cdce9e0, 24 [pid 2728] <... write resumed>) = 61 [pid 2728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2728] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2731] <... set_robust_list resumed>) = 0 [pid 2731] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2731] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2727] <... futex resumed>) = 0 [pid 2727] exit_group(0) = ? [pid 2728] <... futex resumed>) = ? [pid 2728] +++ exited with 0 +++ [pid 2731] <... futex resumed>) = ? [pid 2731] +++ exited with 0 +++ [pid 2727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2727, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./475/binderfs") = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2732 ./strace-static-x86_64: Process 2732 attached [pid 2732] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2732] chdir("./476") = 0 [pid 2732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2732] setpgid(0, 0) = 0 [pid 2732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2732] write(3, "1000", 4) = 4 [pid 2732] close(3) = 0 [pid 2732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2732] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2732] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2732] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2733], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2733 [pid 2732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2733 attached [pid 2733] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2733] memfd_create("syzkaller", 0) = 3 [pid 2733] ftruncate(3, 2097152) = 0 [pid 2733] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2733] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2733] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2733] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2733] mkdir("./file0", 0777) = 0 [pid 2733] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2733] ioctl(4, LOOP_CLR_FD) = 0 [pid 2733] close(4) = 0 [pid 2733] close(3) = 0 [pid 2733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] <... futex resumed>) = 1 [pid 2733] chdir("./file0") = 0 [pid 2733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2733] <... futex resumed>) = 1 [pid 2732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2733] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2732] <... futex resumed>) = 0 [pid 2733] <... openat resumed>) = 3 [pid 2732] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2733] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2732] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2732] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2732] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2736], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2736 [pid 2732] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] <... futex resumed>) = 0 [pid 2733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2733] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2736 attached [pid 2736] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2736] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2736] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2732] <... futex resumed>) = 0 [pid 2736] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2732] exit_group(0 [pid 2736] <... futex resumed>) = 231 [pid 2733] <... futex resumed>) = ? [pid 2732] <... exit_group resumed>) = ? [pid 2733] +++ exited with 0 +++ [pid 2736] +++ exited with 0 +++ [pid 2732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2732, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./476/binderfs") = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2737 ./strace-static-x86_64: Process 2737 attached [pid 2737] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2737] chdir("./477") = 0 [pid 2737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2737] setpgid(0, 0) = 0 [pid 2737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2737] write(3, "1000", 4) = 4 [pid 2737] close(3) = 0 [pid 2737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2737] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2737] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2737] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2738 attached [pid 2738] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] <... clone resumed>, parent_tid=[2738], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2738 [pid 2737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2738] <... futex resumed>) = 0 [pid 2737] <... futex resumed>) = 1 [pid 2738] memfd_create("syzkaller", 0 [pid 2737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2738] <... memfd_create resumed>) = 3 [pid 2738] ftruncate(3, 2097152) = 0 [pid 2738] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2738] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2738] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2738] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2738] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2738] mkdir("./file0", 0777) = 0 [pid 2738] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2738] ioctl(4, LOOP_CLR_FD) = 0 [pid 2738] close(4) = 0 [pid 2738] close(3) = 0 [pid 2738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] <... futex resumed>) = 0 [pid 2737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2738] <... futex resumed>) = 0 [pid 2738] chdir("./file0") = 0 [pid 2738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2738] <... futex resumed>) = 0 [pid 2738] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2738] <... futex resumed>) = 0 [pid 2738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2738] <... futex resumed>) = 0 [pid 2738] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2737] exit_group(0) = ? [pid 2738] <... futex resumed>) = ? [pid 2738] +++ exited with 0 +++ [pid 2737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2737, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./477/binderfs") = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./477/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2741 ./strace-static-x86_64: Process 2741 attached [pid 2741] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2741] chdir("./478") = 0 [pid 2741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2741] setpgid(0, 0) = 0 [pid 2741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2741] write(3, "1000", 4) = 4 [pid 2741] close(3) = 0 [pid 2741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2741] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2741] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2741] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2742], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2742 [pid 2741] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2742 attached [pid 2742] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2742] memfd_create("syzkaller", 0) = 3 [pid 2742] ftruncate(3, 2097152) = 0 [pid 2742] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2742] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2742] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2742] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2742] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2742] mkdir("./file0", 0777) = 0 [pid 2742] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2742] ioctl(4, LOOP_CLR_FD) = 0 [pid 2742] close(4) = 0 [pid 2742] close(3) = 0 [pid 2742] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 1 [pid 2742] chdir("./file0") = 0 [pid 2742] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 1 [pid 2742] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2742] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2741] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2741] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2745], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2745 [pid 2741] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 1 [pid 2742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2742] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2745 attached [pid 2745] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2745] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2745] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] exit_group(0) = ? [pid 2742] <... futex resumed>) = ? [pid 2742] +++ exited with 0 +++ [pid 2745] <... futex resumed>) = ? [pid 2745] +++ exited with 0 +++ [pid 2741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2741, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./478/binderfs") = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./478/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2746 ./strace-static-x86_64: Process 2746 attached [pid 2746] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2746] chdir("./479") = 0 [pid 2746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2746] setpgid(0, 0) = 0 [pid 2746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2746] write(3, "1000", 4) = 4 [pid 2746] close(3) = 0 [pid 2746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2746] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2746] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2746] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2747], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2747 [pid 2746] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2747 attached [pid 2747] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2747] memfd_create("syzkaller", 0) = 3 [pid 2747] ftruncate(3, 2097152) = 0 [pid 2747] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2747] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2747] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2747] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2747] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2747] mkdir("./file0", 0777) = 0 [pid 2747] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2747] ioctl(4, LOOP_CLR_FD) = 0 [pid 2747] close(4) = 0 [pid 2747] close(3) = 0 [pid 2747] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... futex resumed>) = 0 [pid 2746] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... futex resumed>) = 1 [pid 2747] chdir("./file0") = 0 [pid 2747] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... futex resumed>) = 0 [pid 2746] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... futex resumed>) = 1 [pid 2747] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2747] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... futex resumed>) = 0 [pid 2746] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2746] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2746] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2750], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2750 [pid 2746] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... futex resumed>) = 1 [pid 2747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2747] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2747] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2750 attached [pid 2750] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2750] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2750] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... futex resumed>) = 0 [pid 2750] <... futex resumed>) = 1 [pid 2750] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2746] exit_group(0 [pid 2750] <... futex resumed>) = ? [pid 2746] <... exit_group resumed>) = ? [pid 2747] <... futex resumed>) = ? [pid 2750] +++ exited with 0 +++ [pid 2747] +++ exited with 0 +++ [pid 2746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2746, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./479/binderfs") = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2751 ./strace-static-x86_64: Process 2751 attached [pid 2751] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2751] chdir("./480") = 0 [pid 2751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2751] setpgid(0, 0) = 0 [pid 2751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2751] write(3, "1000", 4) = 4 [pid 2751] close(3) = 0 [pid 2751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2751] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2751] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2751] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2752], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2752 [pid 2751] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2752 attached [pid 2752] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2752] memfd_create("syzkaller", 0) = 3 [pid 2752] ftruncate(3, 2097152) = 0 [pid 2752] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2752] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2752] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2752] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2752] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2752] mkdir("./file0", 0777) = 0 [pid 2752] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2752] ioctl(4, LOOP_CLR_FD) = 0 [pid 2752] close(4) = 0 [pid 2752] close(3) = 0 [pid 2752] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2752] chdir("./file0" [pid 2751] <... futex resumed>) = 0 [pid 2752] <... chdir resumed>) = 0 [pid 2751] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2752] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2752] <... futex resumed>) = 0 [pid 2752] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2751] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2752] <... openat resumed>) = 3 [pid 2752] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2751] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2752] <... write resumed>) = 61 [pid 2752] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2751] <... mmap resumed>) = 0x7f697cdae000 [pid 2751] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2752] <... futex resumed>) = 0 [pid 2751] <... mprotect resumed>) = 0 [pid 2752] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2755], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2755 [pid 2751] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2755 attached [pid 2755] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2755] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2755] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2755] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] <... futex resumed>) = 0 [pid 2751] exit_group(0) = ? [pid 2752] <... futex resumed>) = ? [pid 2755] <... futex resumed>) = ? [pid 2752] +++ exited with 0 +++ [pid 2755] +++ exited with 0 +++ [pid 2751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2751, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./480/binderfs") = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2756 ./strace-static-x86_64: Process 2756 attached [pid 2756] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2756] chdir("./481") = 0 [pid 2756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2756] setpgid(0, 0) = 0 [pid 2756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2756] write(3, "1000", 4) = 4 [pid 2756] close(3) = 0 [pid 2756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2756] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2756] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2756] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2757 attached , parent_tid=[2757], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2757 [pid 2757] set_robust_list(0x7f697cdef9e0, 24 [pid 2756] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2757] <... set_robust_list resumed>) = 0 [pid 2756] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2757] memfd_create("syzkaller", 0) = 3 [pid 2757] ftruncate(3, 2097152) = 0 [pid 2757] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2757] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2757] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2757] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2757] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2757] mkdir("./file0", 0777) = 0 [pid 2757] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2757] ioctl(4, LOOP_CLR_FD) = 0 [pid 2757] close(4) = 0 [pid 2757] close(3) = 0 [pid 2757] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2756] <... futex resumed>) = 0 [pid 2756] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2757] <... futex resumed>) = 1 [pid 2757] chdir("./file0") = 0 [pid 2757] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2756] <... futex resumed>) = 0 [pid 2756] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2757] <... futex resumed>) = 1 [pid 2757] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2757] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2756] <... futex resumed>) = 0 [pid 2756] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2756] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2756] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2760], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2760 [pid 2756] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2756] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2757] <... futex resumed>) = 1 [pid 2757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2757] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2757] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2760 attached [pid 2760] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2760] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2760] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2756] <... futex resumed>) = 0 [pid 2756] exit_group(0) = ? [pid 2760] +++ exited with 0 +++ [pid 2757] <... futex resumed>) = ? [pid 2757] +++ exited with 0 +++ [pid 2756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2756, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./481/binderfs") = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2761 ./strace-static-x86_64: Process 2761 attached [pid 2761] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2761] chdir("./482") = 0 [pid 2761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2761] setpgid(0, 0) = 0 [pid 2761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2761] write(3, "1000", 4) = 4 [pid 2761] close(3) = 0 [pid 2761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2761] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2761] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2761] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2762 attached , parent_tid=[2762], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2762 [pid 2761] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2762] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2762] memfd_create("syzkaller", 0) = 3 [pid 2762] ftruncate(3, 2097152) = 0 [pid 2762] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2762] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2762] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2762] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2762] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2762] mkdir("./file0", 0777) = 0 [pid 2762] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2762] ioctl(4, LOOP_CLR_FD) = 0 [pid 2762] close(4) = 0 [pid 2762] close(3) = 0 [pid 2762] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2762] <... futex resumed>) = 1 [pid 2762] chdir("./file0") = 0 [pid 2762] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2762] <... futex resumed>) = 1 [pid 2762] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2762] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2761] <... futex resumed>) = 0 [pid 2761] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2761] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2761] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2765], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2765 [pid 2761] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2761] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2762] <... futex resumed>) = 1 [pid 2762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2762] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2762] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2765 attached [pid 2765] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2765] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2765] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2761] <... futex resumed>) = 0 [pid 2765] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2761] exit_group(0) = ? [pid 2762] <... futex resumed>) = ? [pid 2765] <... futex resumed>) = ? [pid 2762] +++ exited with 0 +++ [pid 2765] +++ exited with 0 +++ [pid 2761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2761, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./482/binderfs") = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2766 ./strace-static-x86_64: Process 2766 attached [pid 2766] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2766] chdir("./483") = 0 [pid 2766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2766] setpgid(0, 0) = 0 [pid 2766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2766] write(3, "1000", 4) = 4 [pid 2766] close(3) = 0 [pid 2766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2766] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2766] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2766] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2767], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2767 [pid 2766] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2767 attached [pid 2767] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2767] memfd_create("syzkaller", 0) = 3 [pid 2767] ftruncate(3, 2097152) = 0 [pid 2767] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2767] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2767] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2767] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2767] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2767] mkdir("./file0", 0777) = 0 [pid 2767] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2767] ioctl(4, LOOP_CLR_FD) = 0 [pid 2767] close(4) = 0 [pid 2767] close(3) = 0 [pid 2767] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2766] <... futex resumed>) = 0 [pid 2766] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2767] chdir("./file0") = 0 [pid 2767] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2766] <... futex resumed>) = 0 [pid 2766] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2767] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2767] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2766] <... futex resumed>) = 0 [pid 2766] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2766] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2766] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2770], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2770 [pid 2766] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2767] <... futex resumed>) = 1 [pid 2767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2767] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2767] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2770 attached [pid 2770] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2770] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2770] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2766] <... futex resumed>) = 0 [pid 2766] exit_group(0 [pid 2770] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2767] <... futex resumed>) = ? [pid 2766] <... exit_group resumed>) = ? [pid 2770] <... futex resumed>) = ? [pid 2767] +++ exited with 0 +++ [pid 2770] +++ exited with 0 +++ [pid 2766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2766, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./483/binderfs") = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2771 ./strace-static-x86_64: Process 2771 attached [pid 2771] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2771] chdir("./484") = 0 [pid 2771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2771] setpgid(0, 0) = 0 [pid 2771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2771] write(3, "1000", 4) = 4 [pid 2771] close(3) = 0 [pid 2771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2771] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2771] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2771] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2772], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2772 [pid 2771] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2772 attached [pid 2772] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2772] memfd_create("syzkaller", 0) = 3 [pid 2772] ftruncate(3, 2097152) = 0 [pid 2772] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2772] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2772] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2772] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2772] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2772] mkdir("./file0", 0777) = 0 [pid 2772] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2772] ioctl(4, LOOP_CLR_FD) = 0 [pid 2772] close(4) = 0 [pid 2772] close(3) = 0 [pid 2772] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2771] <... futex resumed>) = 0 [pid 2771] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2772] chdir("./file0") = 0 [pid 2772] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2771] <... futex resumed>) = 0 [pid 2771] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2772] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2772] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2771] <... futex resumed>) = 0 [pid 2771] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2771] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2771] <... mprotect resumed>) = 0 [pid 2772] <... write resumed>) = 61 [pid 2771] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2772] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2772] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2775 attached [pid 2771] <... clone resumed>, parent_tid=[2775], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2775 [pid 2771] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2775] set_robust_list(0x7f697cdce9e0, 24 [pid 2771] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] <... set_robust_list resumed>) = 0 [pid 2775] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2775] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2771] <... futex resumed>) = 0 [pid 2775] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2771] exit_group(0 [pid 2772] <... futex resumed>) = ? [pid 2771] <... exit_group resumed>) = ? [pid 2772] +++ exited with 0 +++ [pid 2775] <... futex resumed>) = ? [pid 2775] +++ exited with 0 +++ [pid 2771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2771, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./484/binderfs") = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2776 ./strace-static-x86_64: Process 2776 attached [pid 2776] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2776] chdir("./485") = 0 [pid 2776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2776] setpgid(0, 0) = 0 [pid 2776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2776] write(3, "1000", 4) = 4 [pid 2776] close(3) = 0 [pid 2776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2776] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2776] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2776] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2777], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2777 ./strace-static-x86_64: Process 2777 attached [pid 2776] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2776] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2777] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2777] memfd_create("syzkaller", 0) = 3 [pid 2777] ftruncate(3, 2097152) = 0 [pid 2777] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2777] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2777] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2777] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2777] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2777] mkdir("./file0", 0777) = 0 [pid 2777] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2777] ioctl(4, LOOP_CLR_FD) = 0 [pid 2777] close(4) = 0 [pid 2777] close(3) = 0 [pid 2777] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2777] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2776] <... futex resumed>) = 0 [pid 2777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2776] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] chdir("./file0") = 0 [pid 2777] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2777] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 2776] <... futex resumed>) = 1 [pid 2777] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2776] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2776] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] <... futex resumed>) = 0 [pid 2776] <... futex resumed>) = 1 [pid 2777] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2776] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2777] <... openat resumed>) = 3 [pid 2777] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2776] <... futex resumed>) = 0 [pid 2777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2776] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] <... write resumed>) = 61 [pid 2776] <... futex resumed>) = 0 [pid 2777] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2776] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2777] <... futex resumed>) = 0 [pid 2776] <... futex resumed>) = 0 [pid 2777] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2776] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2776] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2780], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2780 [pid 2776] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2776] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2780 attached [pid 2780] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2780] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2780] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2776] <... futex resumed>) = 0 [pid 2776] exit_group(0 [pid 2777] <... futex resumed>) = ? [pid 2776] <... exit_group resumed>) = ? [pid 2777] +++ exited with 0 +++ [pid 2780] <... futex resumed>) = ? [pid 2780] +++ exited with 0 +++ [pid 2776] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2776, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./485/binderfs") = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2781 ./strace-static-x86_64: Process 2781 attached [pid 2781] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2781] chdir("./486") = 0 [pid 2781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2781] setpgid(0, 0) = 0 [pid 2781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2781] write(3, "1000", 4) = 4 [pid 2781] close(3) = 0 [pid 2781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2781] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2781] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2781] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2782], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2782 [pid 2781] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2782 attached [pid 2782] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2782] memfd_create("syzkaller", 0) = 3 [pid 2782] ftruncate(3, 2097152) = 0 [pid 2782] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2782] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2782] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2782] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2782] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2782] mkdir("./file0", 0777) = 0 [pid 2782] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2782] ioctl(4, LOOP_CLR_FD) = 0 [pid 2782] close(4) = 0 [pid 2782] close(3) = 0 [pid 2782] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2781] <... futex resumed>) = 0 [pid 2782] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2781] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2781] <... futex resumed>) = 0 [pid 2782] chdir("./file0" [pid 2781] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2782] <... chdir resumed>) = 0 [pid 2782] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2781] <... futex resumed>) = 0 [pid 2782] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2781] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2781] <... futex resumed>) = 0 [pid 2781] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2782] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2782] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2781] <... futex resumed>) = 0 [pid 2782] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2781] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... futex resumed>) = 0 [pid 2781] <... futex resumed>) = 1 [pid 2782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2781] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... write resumed>) = 61 [pid 2781] <... futex resumed>) = 0 [pid 2782] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2782] <... futex resumed>) = 0 [pid 2781] <... mmap resumed>) = 0x7f697cdae000 [pid 2782] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2781] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2781] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2785], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2785 [pid 2781] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2781] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2785 attached [pid 2785] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2785] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2785] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2781] <... futex resumed>) = 0 [pid 2781] exit_group(0 [pid 2782] <... futex resumed>) = ? [pid 2781] <... exit_group resumed>) = ? [pid 2782] +++ exited with 0 +++ [pid 2785] +++ exited with 0 +++ [pid 2781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2781, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./486/binderfs") = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2786 ./strace-static-x86_64: Process 2786 attached [pid 2786] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2786] chdir("./487") = 0 [pid 2786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2786] setpgid(0, 0) = 0 [pid 2786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2786] write(3, "1000", 4) = 4 [pid 2786] close(3) = 0 [pid 2786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2786] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2786] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2786] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2787], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2787 [pid 2786] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2786] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2787 attached [pid 2787] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2787] memfd_create("syzkaller", 0) = 3 [pid 2787] ftruncate(3, 2097152) = 0 [pid 2787] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2787] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2787] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2787] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2787] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2787] mkdir("./file0", 0777) = 0 [pid 2787] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2787] ioctl(4, LOOP_CLR_FD) = 0 [pid 2787] close(4) = 0 [pid 2787] close(3) = 0 [pid 2787] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2786] <... futex resumed>) = 0 [pid 2786] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2786] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2787] chdir("./file0") = 0 [pid 2787] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2786] <... futex resumed>) = 0 [pid 2786] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2786] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2787] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2787] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2786] <... futex resumed>) = 0 [pid 2786] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2786] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2786] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2786] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2790], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2790 [pid 2787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2786] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2787] <... write resumed>) = 61 [pid 2786] <... futex resumed>) = 0 [pid 2787] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2786] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2787] <... futex resumed>) = 0 [pid 2787] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2790 attached [pid 2790] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2790] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2790] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2786] <... futex resumed>) = 0 [pid 2786] exit_group(0 [pid 2787] <... futex resumed>) = ? [pid 2786] <... exit_group resumed>) = ? [pid 2787] +++ exited with 0 +++ [pid 2790] <... futex resumed>) = ? [pid 2790] +++ exited with 0 +++ [pid 2786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2786, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./487/binderfs") = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./487/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2791 ./strace-static-x86_64: Process 2791 attached [pid 2791] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2791] chdir("./488") = 0 [pid 2791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2791] setpgid(0, 0) = 0 [pid 2791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2791] write(3, "1000", 4) = 4 [pid 2791] close(3) = 0 [pid 2791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2791] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2791] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2791] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2792], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2792 [pid 2791] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2792 attached [pid 2792] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2792] memfd_create("syzkaller", 0) = 3 [pid 2792] ftruncate(3, 2097152) = 0 [pid 2792] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2792] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2792] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2792] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2792] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2792] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2792] mkdir("./file0", 0777) = 0 [pid 2792] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2792] ioctl(4, LOOP_CLR_FD) = 0 [pid 2792] close(4) = 0 [pid 2792] close(3) = 0 [pid 2792] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2791] <... futex resumed>) = 0 [pid 2791] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2792] chdir("./file0") = 0 [pid 2792] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2791] <... futex resumed>) = 0 [pid 2791] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2792] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2792] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2791] <... futex resumed>) = 0 [pid 2791] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2791] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2791] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2795], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2795 [pid 2791] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2791] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2792] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2792] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2795 attached [pid 2795] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2795] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2795] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2791] <... futex resumed>) = 0 [pid 2791] exit_group(0 [pid 2792] <... futex resumed>) = ? [pid 2791] <... exit_group resumed>) = ? [pid 2792] +++ exited with 0 +++ [pid 2795] <... futex resumed>) = ? [pid 2795] +++ exited with 0 +++ [pid 2791] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2791, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./488/binderfs") = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2796 ./strace-static-x86_64: Process 2796 attached [pid 2796] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2796] chdir("./489") = 0 [pid 2796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2796] setpgid(0, 0) = 0 [pid 2796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2796] write(3, "1000", 4) = 4 [pid 2796] close(3) = 0 [pid 2796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2796] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2796] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2796] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2797], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2797 [pid 2796] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2797 attached [pid 2797] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2797] memfd_create("syzkaller", 0) = 3 [pid 2797] ftruncate(3, 2097152) = 0 [pid 2797] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2797] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2797] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2797] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2797] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2797] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2797] mkdir("./file0", 0777) = 0 [pid 2797] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2797] ioctl(4, LOOP_CLR_FD) = 0 [pid 2797] close(4) = 0 [pid 2797] close(3) = 0 [pid 2797] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2796] <... futex resumed>) = 0 [pid 2796] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2797] <... futex resumed>) = 1 [pid 2797] chdir("./file0") = 0 [pid 2797] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2796] <... futex resumed>) = 0 [pid 2796] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2797] <... futex resumed>) = 1 [pid 2797] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2797] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2796] <... futex resumed>) = 0 [pid 2796] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2796] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2796] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2800 attached , parent_tid=[2800], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2800 [pid 2796] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2796] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2797] <... futex resumed>) = 1 [pid 2797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2800] set_robust_list(0x7f697cdce9e0, 24 [pid 2797] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2800] <... set_robust_list resumed>) = 0 [pid 2800] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2800] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2796] <... futex resumed>) = 0 [pid 2800] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2796] exit_group(0) = ? [pid 2797] <... futex resumed>) = ? [pid 2797] +++ exited with 0 +++ [pid 2800] <... futex resumed>) = ? [pid 2800] +++ exited with 0 +++ [pid 2796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2796, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./489/binderfs") = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2801 ./strace-static-x86_64: Process 2801 attached [pid 2801] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2801] chdir("./490") = 0 [pid 2801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2801] setpgid(0, 0) = 0 [pid 2801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2801] write(3, "1000", 4) = 4 [pid 2801] close(3) = 0 [pid 2801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2801] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2801] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2801] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2802], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2802 [pid 2801] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2801] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2802 attached [pid 2802] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2802] memfd_create("syzkaller", 0) = 3 [pid 2802] ftruncate(3, 2097152) = 0 [pid 2802] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2802] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2802] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2802] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2802] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2802] mkdir("./file0", 0777) = 0 [pid 2802] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2802] ioctl(4, LOOP_CLR_FD) = 0 [pid 2802] close(4) = 0 [pid 2802] close(3) = 0 [pid 2802] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2801] <... futex resumed>) = 0 [pid 2802] chdir("./file0" [pid 2801] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2802] <... chdir resumed>) = 0 [pid 2801] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2801] <... futex resumed>) = 0 [pid 2802] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2801] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2801] <... futex resumed>) = 0 [pid 2801] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2802] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2801] <... futex resumed>) = 0 [pid 2801] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2801] <... futex resumed>) = 0 [pid 2802] <... write resumed>) = 61 [pid 2801] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2801] <... futex resumed>) = 0 [pid 2802] <... futex resumed>) = 0 [pid 2801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2802] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2801] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2801] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2805], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2805 [pid 2801] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2801] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2805 attached [pid 2805] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2805] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2805] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2801] <... futex resumed>) = 0 [pid 2801] exit_group(0 [pid 2802] <... futex resumed>) = ? [pid 2801] <... exit_group resumed>) = ? [pid 2802] +++ exited with 0 +++ [pid 2805] +++ exited with 0 +++ [pid 2801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2801, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./490/binderfs") = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2806 ./strace-static-x86_64: Process 2806 attached [pid 2806] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2806] chdir("./491") = 0 [pid 2806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2806] setpgid(0, 0) = 0 [pid 2806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2806] write(3, "1000", 4) = 4 [pid 2806] close(3) = 0 [pid 2806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2806] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2806] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2806] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2807], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2807 [pid 2806] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2807 attached ) = 0 [pid 2807] set_robust_list(0x7f697cdef9e0, 24 [pid 2806] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2807] <... set_robust_list resumed>) = 0 [pid 2807] memfd_create("syzkaller", 0) = 3 [pid 2807] ftruncate(3, 2097152) = 0 [pid 2807] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2807] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2807] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2807] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2807] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2807] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2807] mkdir("./file0", 0777) = 0 [pid 2807] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2807] ioctl(4, LOOP_CLR_FD) = 0 [pid 2807] close(4) = 0 [pid 2807] close(3) = 0 [pid 2807] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] <... futex resumed>) = 0 [pid 2806] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2807] <... futex resumed>) = 1 [pid 2807] chdir("./file0") = 0 [pid 2807] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2806] <... futex resumed>) = 0 [pid 2807] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2806] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2807] <... openat resumed>) = 3 [pid 2807] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2807] <... futex resumed>) = 0 [pid 2806] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2806] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2807] <... write resumed>) = 61 [pid 2807] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] <... futex resumed>) = 0 [pid 2806] <... futex resumed>) = 0 [pid 2807] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2806] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2806] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2810 attached , parent_tid=[2810], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2810 [pid 2810] set_robust_list(0x7f697cdce9e0, 24 [pid 2806] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2810] <... set_robust_list resumed>) = 0 [pid 2806] <... futex resumed>) = 0 [pid 2810] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2806] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2810] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2810] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2806] <... futex resumed>) = 0 [pid 2810] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2806] exit_group(0 [pid 2810] <... futex resumed>) = 231 [pid 2807] <... futex resumed>) = ? [pid 2806] <... exit_group resumed>) = ? [pid 2807] +++ exited with 0 +++ [pid 2810] +++ exited with 0 +++ [pid 2806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2806, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./491", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./491/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./491/binderfs") = 0 umount2("./491/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./491/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./491/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./491/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./491") = 0 mkdir("./492", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2811 ./strace-static-x86_64: Process 2811 attached [pid 2811] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2811] chdir("./492") = 0 [pid 2811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2811] setpgid(0, 0) = 0 [pid 2811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2811] write(3, "1000", 4) = 4 [pid 2811] close(3) = 0 [pid 2811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2811] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2811] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2811] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2812], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2812 [pid 2811] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2812 attached [pid 2812] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2812] memfd_create("syzkaller", 0) = 3 [pid 2812] ftruncate(3, 2097152) = 0 [pid 2812] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2812] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2812] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2812] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2812] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2812] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2812] mkdir("./file0", 0777) = 0 [pid 2812] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2812] ioctl(4, LOOP_CLR_FD) = 0 [pid 2812] close(4) = 0 [pid 2812] close(3) = 0 [pid 2812] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... futex resumed>) = 0 [pid 2811] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2812] <... futex resumed>) = 1 [pid 2812] chdir("./file0") = 0 [pid 2812] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... futex resumed>) = 0 [pid 2811] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2812] <... futex resumed>) = 1 [pid 2812] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2812] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... futex resumed>) = 0 [pid 2811] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2811] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2811] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2815], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2815 [pid 2811] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2811] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2812] <... futex resumed>) = 1 [pid 2812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2812] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2812] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2815 attached [pid 2815] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2815] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2815] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... futex resumed>) = 0 [pid 2811] exit_group(0 [pid 2812] <... futex resumed>) = ? [pid 2811] <... exit_group resumed>) = ? [pid 2812] +++ exited with 0 +++ [pid 2815] <... futex resumed>) = ? [pid 2815] +++ exited with 0 +++ [pid 2811] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2811, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./492", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./492/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./492/binderfs") = 0 umount2("./492/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./492/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./492/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./492/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./492") = 0 mkdir("./493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2816 ./strace-static-x86_64: Process 2816 attached [pid 2816] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2816] chdir("./493") = 0 [pid 2816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2816] setpgid(0, 0) = 0 [pid 2816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2816] write(3, "1000", 4) = 4 [pid 2816] close(3) = 0 [pid 2816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2816] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2816] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2816] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2817 attached , parent_tid=[2817], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2817 [pid 2816] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2817] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2817] memfd_create("syzkaller", 0) = 3 [pid 2817] ftruncate(3, 2097152) = 0 [pid 2817] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2817] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2817] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2817] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2817] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2817] mkdir("./file0", 0777) = 0 [pid 2817] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2817] ioctl(4, LOOP_CLR_FD) = 0 [pid 2817] close(4) = 0 [pid 2817] close(3) = 0 [pid 2817] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2816] <... futex resumed>) = 0 [pid 2816] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2817] <... futex resumed>) = 1 [pid 2817] chdir("./file0") = 0 [pid 2817] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2816] <... futex resumed>) = 0 [pid 2816] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2817] <... futex resumed>) = 1 [pid 2817] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2817] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2816] <... futex resumed>) = 0 [pid 2816] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2816] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2816] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2820], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2820 [pid 2816] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2816] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2817] <... futex resumed>) = 1 [pid 2817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2817] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2817] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2820 attached [pid 2820] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2820] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2820] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2816] <... futex resumed>) = 0 [pid 2816] exit_group(0) = ? [pid 2817] <... futex resumed>) = ? [pid 2817] +++ exited with 0 +++ [pid 2820] <... futex resumed>) = ? [pid 2820] +++ exited with 0 +++ [pid 2816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2816, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./493", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./493/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./493/binderfs") = 0 umount2("./493/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./493/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./493/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./493/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./493") = 0 mkdir("./494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2821 ./strace-static-x86_64: Process 2821 attached [pid 2821] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2821] chdir("./494") = 0 [pid 2821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2821] setpgid(0, 0) = 0 [pid 2821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2821] write(3, "1000", 4) = 4 [pid 2821] close(3) = 0 [pid 2821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2821] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2821] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2821] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2822], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2822 [pid 2821] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2822 attached [pid 2822] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2822] memfd_create("syzkaller", 0) = 3 [pid 2822] ftruncate(3, 2097152) = 0 [pid 2822] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2822] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2822] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2822] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2822] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2822] mkdir("./file0", 0777) = 0 [pid 2822] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2822] ioctl(4, LOOP_CLR_FD) = 0 [pid 2822] close(4) = 0 [pid 2822] close(3) = 0 [pid 2822] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2821] <... futex resumed>) = 0 [pid 2821] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] <... futex resumed>) = 1 [pid 2822] chdir("./file0") = 0 [pid 2822] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2821] <... futex resumed>) = 0 [pid 2821] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] <... futex resumed>) = 1 [pid 2822] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2822] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2821] <... futex resumed>) = 0 [pid 2821] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2821] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2821] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2825], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2825 [pid 2821] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2821] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] <... futex resumed>) = 1 [pid 2822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2822] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2822] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2825 attached [pid 2825] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2825] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2825] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2821] <... futex resumed>) = 0 [pid 2821] exit_group(0 [pid 2822] <... futex resumed>) = ? [pid 2821] <... exit_group resumed>) = ? [pid 2822] +++ exited with 0 +++ [pid 2825] <... futex resumed>) = ? [pid 2825] +++ exited with 0 +++ [pid 2821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2821, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./494", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./494/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./494/binderfs") = 0 umount2("./494/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./494/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./494/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./494/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./494") = 0 mkdir("./495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2826 ./strace-static-x86_64: Process 2826 attached [pid 2826] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2826] chdir("./495") = 0 [pid 2826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2826] setpgid(0, 0) = 0 [pid 2826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2826] write(3, "1000", 4) = 4 [pid 2826] close(3) = 0 [pid 2826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2826] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2826] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2826] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2827], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2827 [pid 2826] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2827 attached [pid 2827] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2827] memfd_create("syzkaller", 0) = 3 [pid 2827] ftruncate(3, 2097152) = 0 [pid 2827] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2827] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2827] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2827] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2827] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2827] mkdir("./file0", 0777) = 0 [pid 2827] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2827] ioctl(4, LOOP_CLR_FD) = 0 [pid 2827] close(4) = 0 [pid 2827] close(3) = 0 [pid 2827] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2826] <... futex resumed>) = 0 [pid 2827] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2826] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2826] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2827] <... futex resumed>) = 0 [pid 2827] chdir("./file0") = 0 [pid 2827] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2826] <... futex resumed>) = 0 [pid 2826] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2827] <... futex resumed>) = 1 [pid 2827] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2827] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2826] <... futex resumed>) = 0 [pid 2826] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2826] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2826] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2830], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2830 [pid 2826] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2826] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2827] <... futex resumed>) = 1 [pid 2827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2827] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2827] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2830 attached [pid 2830] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2830] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2830] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2826] <... futex resumed>) = 0 [pid 2826] exit_group(0) = ? [pid 2830] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 2827] <... futex resumed>) = ? [pid 2827] +++ exited with 0 +++ [pid 2830] +++ exited with 0 +++ [pid 2826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2826, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./495", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./495/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./495/binderfs") = 0 umount2("./495/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./495/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./495/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./495/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./495") = 0 mkdir("./496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2831 ./strace-static-x86_64: Process 2831 attached [pid 2831] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2831] chdir("./496") = 0 [pid 2831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2831] setpgid(0, 0) = 0 [pid 2831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2831] write(3, "1000", 4) = 4 [pid 2831] close(3) = 0 [pid 2831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2831] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2831] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2831] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2832], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2832 [pid 2831] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2832 attached [pid 2831] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2832] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2832] memfd_create("syzkaller", 0) = 3 [pid 2832] ftruncate(3, 2097152) = 0 [pid 2832] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2832] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2832] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2832] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2832] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2832] mkdir("./file0", 0777) = 0 [pid 2832] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2832] ioctl(4, LOOP_CLR_FD) = 0 [pid 2832] close(4) = 0 [pid 2832] close(3) = 0 [pid 2832] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2832] <... futex resumed>) = 1 [pid 2831] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2832] chdir("./file0" [pid 2831] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2832] <... chdir resumed>) = 0 [pid 2832] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2832] <... futex resumed>) = 1 [pid 2831] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2831] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2832] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2832] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2831] <... futex resumed>) = 0 [pid 2832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2831] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2832] <... write resumed>) = 61 [pid 2831] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2832] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2831] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2831] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2835 attached , parent_tid=[2835], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2835 [pid 2835] set_robust_list(0x7f697cdce9e0, 24 [pid 2831] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2835] <... set_robust_list resumed>) = 0 [pid 2831] <... futex resumed>) = 0 [pid 2835] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2831] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2832] <... futex resumed>) = 0 [pid 2832] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2835] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2835] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] <... futex resumed>) = 0 [pid 2835] <... futex resumed>) = 1 [pid 2835] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2831] exit_group(0) = ? [pid 2835] <... futex resumed>) = ? [pid 2835] +++ exited with 0 +++ [pid 2832] <... futex resumed>) = ? [pid 2832] +++ exited with 0 +++ [pid 2831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2831, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./496", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./496/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./496/binderfs") = 0 umount2("./496/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./496/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./496/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./496/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./496") = 0 mkdir("./497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2836 ./strace-static-x86_64: Process 2836 attached [pid 2836] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2836] chdir("./497") = 0 [pid 2836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2836] setpgid(0, 0) = 0 [pid 2836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2836] write(3, "1000", 4) = 4 [pid 2836] close(3) = 0 [pid 2836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2836] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2836] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2836] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2837], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2837 ./strace-static-x86_64: Process 2837 attached [pid 2836] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2837] memfd_create("syzkaller", 0 [pid 2836] <... futex resumed>) = 0 [pid 2837] <... memfd_create resumed>) = 3 [pid 2837] ftruncate(3, 2097152) = 0 [pid 2837] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2837] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2837] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2837] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2837] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2837] ioctl(4, LOOP_SET_FD, 3 [pid 2836] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2837] <... ioctl resumed>) = 0 [pid 2837] mkdir("./file0", 0777) = 0 [pid 2837] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2837] ioctl(4, LOOP_CLR_FD) = 0 [pid 2837] close(4) = 0 [pid 2837] close(3) = 0 [pid 2837] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2837] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2836] <... futex resumed>) = 0 [pid 2836] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] chdir("./file0") = 0 [pid 2837] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2836] <... futex resumed>) = 1 [pid 2836] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2836] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2836] <... futex resumed>) = 1 [pid 2836] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2837] <... openat resumed>) = 3 [pid 2837] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2837] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2836] <... futex resumed>) = 0 [pid 2836] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2837] <... futex resumed>) = 0 [pid 2837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2837] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2836] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2837] <... futex resumed>) = 0 [pid 2837] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2836] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2837] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2837] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2837] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2836] <... futex resumed>) = 0 [pid 2836] exit_group(0) = ? [pid 2837] <... futex resumed>) = ? [pid 2837] +++ exited with 0 +++ [pid 2836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2836, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./497", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./497/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./497/binderfs") = 0 umount2("./497/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./497/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./497/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./497/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./497") = 0 mkdir("./498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2840 ./strace-static-x86_64: Process 2840 attached [pid 2840] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2840] chdir("./498") = 0 [pid 2840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2840] setpgid(0, 0) = 0 [pid 2840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2840] write(3, "1000", 4) = 4 [pid 2840] close(3) = 0 [pid 2840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2840] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2840] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2840] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2841], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2841 [pid 2840] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2841 attached [pid 2841] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2841] memfd_create("syzkaller", 0) = 3 [pid 2841] ftruncate(3, 2097152) = 0 [pid 2841] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2841] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2841] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2841] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2841] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2841] mkdir("./file0", 0777) = 0 [pid 2841] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2841] ioctl(4, LOOP_CLR_FD) = 0 [pid 2841] close(4) = 0 [pid 2841] close(3) = 0 [pid 2841] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2841] chdir("./file0") = 0 [pid 2841] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2841] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2841] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2840] <... futex resumed>) = 0 [pid 2841] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2840] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2840] <... futex resumed>) = 0 [pid 2840] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2841] <... write resumed>) = 61 [pid 2840] <... futex resumed>) = 0 [pid 2841] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2841] <... futex resumed>) = 0 [pid 2841] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2840] <... mmap resumed>) = 0x7f697cdae000 [pid 2840] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2840] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2844], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2844 [pid 2840] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2840] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2844 attached [pid 2844] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2844] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2844] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... futex resumed>) = 0 [pid 2840] exit_group(0) = ? [pid 2844] <... futex resumed>) = ? [pid 2841] <... futex resumed>) = ? [pid 2841] +++ exited with 0 +++ [pid 2844] +++ exited with 0 +++ [pid 2840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2840, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./498", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./498/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./498/binderfs") = 0 umount2("./498/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./498/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./498/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./498/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./498") = 0 mkdir("./499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2845 ./strace-static-x86_64: Process 2845 attached [pid 2845] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2845] chdir("./499") = 0 [pid 2845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2845] setpgid(0, 0) = 0 [pid 2845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2845] write(3, "1000", 4) = 4 [pid 2845] close(3) = 0 [pid 2845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2845] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2845] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2845] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2846], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2846 [pid 2845] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2845] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2846 attached [pid 2846] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2846] memfd_create("syzkaller", 0) = 3 [pid 2846] ftruncate(3, 2097152) = 0 [pid 2846] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2846] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2846] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2846] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2846] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2846] mkdir("./file0", 0777) = 0 [pid 2846] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2846] ioctl(4, LOOP_CLR_FD) = 0 [pid 2846] close(4) = 0 [pid 2846] close(3) = 0 [pid 2846] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2845] <... futex resumed>) = 0 [pid 2845] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2845] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2846] chdir("./file0") = 0 [pid 2846] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2845] <... futex resumed>) = 0 [pid 2845] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2845] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2846] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2846] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2845] <... futex resumed>) = 0 [pid 2845] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2845] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2845] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2845] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2846] <... write resumed>) = 61 [pid 2846] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2845] <... clone resumed>, parent_tid=[2849], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2849 [pid 2846] <... futex resumed>) = 0 [pid 2845] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2846] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2845] <... futex resumed>) = 0 [pid 2845] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2849 attached [pid 2849] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2849] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2849] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2845] <... futex resumed>) = 0 [pid 2845] exit_group(0 [pid 2849] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2846] <... futex resumed>) = ? [pid 2845] <... exit_group resumed>) = ? [pid 2849] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 2849] +++ exited with 0 +++ [pid 2846] +++ exited with 0 +++ [pid 2845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2845, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./499", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./499/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./499/binderfs") = 0 umount2("./499/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./499/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./499/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./499/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./499") = 0 mkdir("./500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2850 ./strace-static-x86_64: Process 2850 attached [pid 2850] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2850] chdir("./500") = 0 [pid 2850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2850] setpgid(0, 0) = 0 [pid 2850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2850] write(3, "1000", 4) = 4 [pid 2850] close(3) = 0 [pid 2850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2850] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2850] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2850] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2851], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2851 [pid 2850] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2851 attached [pid 2851] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2851] memfd_create("syzkaller", 0) = 3 [pid 2851] ftruncate(3, 2097152) = 0 [pid 2851] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2851] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2851] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2851] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2851] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2851] mkdir("./file0", 0777) = 0 [pid 2851] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2851] ioctl(4, LOOP_CLR_FD) = 0 [pid 2851] close(4) = 0 [pid 2851] close(3) = 0 [pid 2851] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2850] <... futex resumed>) = 0 [pid 2851] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2850] <... futex resumed>) = 0 [pid 2851] chdir("./file0" [pid 2850] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2851] <... chdir resumed>) = 0 [pid 2851] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2850] <... futex resumed>) = 0 [pid 2851] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2850] <... futex resumed>) = 0 [pid 2851] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2850] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2851] <... openat resumed>) = 3 [pid 2851] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2850] <... futex resumed>) = 0 [pid 2851] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2850] <... futex resumed>) = 0 [pid 2851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2850] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2851] <... write resumed>) = 61 [pid 2850] <... futex resumed>) = 0 [pid 2851] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2851] <... futex resumed>) = 0 [pid 2850] <... mmap resumed>) = 0x7f697cdae000 [pid 2851] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2850] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2854], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2854 [pid 2850] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2850] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2854 attached [pid 2854] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2854] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2854] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2854] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2850] <... futex resumed>) = 0 [pid 2850] exit_group(0 [pid 2854] <... futex resumed>) = ? [pid 2851] <... futex resumed>) = ? [pid 2850] <... exit_group resumed>) = ? [pid 2851] +++ exited with 0 +++ [pid 2854] +++ exited with 0 +++ [pid 2850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2850, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./500", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./500/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./500/binderfs") = 0 umount2("./500/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./500/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./500/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./500/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./500") = 0 mkdir("./501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2855 ./strace-static-x86_64: Process 2855 attached [pid 2855] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2855] chdir("./501") = 0 [pid 2855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2855] setpgid(0, 0) = 0 [pid 2855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2855] write(3, "1000", 4) = 4 [pid 2855] close(3) = 0 [pid 2855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2855] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2855] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2855] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2856], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2856 [pid 2855] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2856 attached [pid 2856] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2856] memfd_create("syzkaller", 0) = 3 [pid 2856] ftruncate(3, 2097152) = 0 [pid 2856] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2856] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2856] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2856] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2856] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2856] mkdir("./file0", 0777) = 0 [pid 2856] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2856] ioctl(4, LOOP_CLR_FD) = 0 [pid 2856] close(4) = 0 [pid 2856] close(3) = 0 [pid 2856] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2855] <... futex resumed>) = 0 [pid 2855] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] <... futex resumed>) = 1 [pid 2856] chdir("./file0") = 0 [pid 2856] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2855] <... futex resumed>) = 0 [pid 2855] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] <... futex resumed>) = 1 [pid 2856] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2856] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2855] <... futex resumed>) = 0 [pid 2855] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2855] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2855] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2859], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2859 [pid 2855] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2855] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] <... futex resumed>) = 1 [pid 2856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2856] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2856] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2859 attached [pid 2859] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2859] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2859] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2855] <... futex resumed>) = 0 [pid 2855] exit_group(0) = ? [pid 2856] <... futex resumed>) = ? [pid 2856] +++ exited with 0 +++ [pid 2859] <... futex resumed>) = ? [pid 2859] +++ exited with 0 +++ [pid 2855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2855, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./501/binderfs") = 0 umount2("./501/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./501/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./501/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./501/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./501") = 0 mkdir("./502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2860 ./strace-static-x86_64: Process 2860 attached [pid 2860] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2860] chdir("./502") = 0 [pid 2860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2860] setpgid(0, 0) = 0 [pid 2860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2860] write(3, "1000", 4) = 4 [pid 2860] close(3) = 0 [pid 2860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2860] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2860] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2860] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2861], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2861 [pid 2860] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2861 attached [pid 2861] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2861] memfd_create("syzkaller", 0) = 3 [pid 2861] ftruncate(3, 2097152) = 0 [pid 2861] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2861] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2861] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2861] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2861] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2861] mkdir("./file0", 0777) = 0 [pid 2861] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2861] ioctl(4, LOOP_CLR_FD) = 0 [pid 2861] close(4) = 0 [pid 2861] close(3) = 0 [pid 2861] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2860] <... futex resumed>) = 0 [pid 2860] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2861] <... futex resumed>) = 1 [pid 2861] chdir("./file0") = 0 [pid 2861] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2860] <... futex resumed>) = 0 [pid 2860] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2861] <... futex resumed>) = 1 [pid 2861] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2861] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2860] <... futex resumed>) = 0 [pid 2860] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2860] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2860] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2864], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2864 ./strace-static-x86_64: Process 2864 attached [pid 2860] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2860] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2861] <... futex resumed>) = 1 [pid 2861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2864] set_robust_list(0x7f697cdce9e0, 24 [pid 2861] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2861] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2864] <... set_robust_list resumed>) = 0 [pid 2864] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2864] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2860] <... futex resumed>) = 0 [pid 2860] exit_group(0) = ? [pid 2861] <... futex resumed>) = ? [pid 2864] +++ exited with 0 +++ [pid 2861] +++ exited with 0 +++ [pid 2860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2860, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./502/binderfs") = 0 umount2("./502/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./502/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./502/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./502/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./502") = 0 mkdir("./503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2865 ./strace-static-x86_64: Process 2865 attached [pid 2865] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2865] chdir("./503") = 0 [pid 2865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2865] setpgid(0, 0) = 0 [pid 2865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2865] write(3, "1000", 4) = 4 [pid 2865] close(3) = 0 [pid 2865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2865] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2865] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2865] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2866], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2866 [pid 2865] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2866 attached [pid 2866] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2866] memfd_create("syzkaller", 0) = 3 [pid 2866] ftruncate(3, 2097152) = 0 [pid 2866] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2866] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2866] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2866] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2866] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2866] mkdir("./file0", 0777) = 0 [pid 2866] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2866] ioctl(4, LOOP_CLR_FD) = 0 [pid 2866] close(4) = 0 [pid 2866] close(3) = 0 [pid 2866] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... futex resumed>) = 0 [pid 2865] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2866] <... futex resumed>) = 1 [pid 2866] chdir("./file0") = 0 [pid 2866] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... futex resumed>) = 0 [pid 2865] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2866] <... futex resumed>) = 1 [pid 2866] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2866] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2865] <... futex resumed>) = 0 [pid 2866] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2865] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2865] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2865] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2865] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2869], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2869 [pid 2865] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2865] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2866] <... futex resumed>) = 0 [pid 2866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2866] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2866] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2869 attached [pid 2869] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2869] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2869] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2865] <... futex resumed>) = 0 [pid 2865] exit_group(0 [pid 2866] <... futex resumed>) = ? [pid 2865] <... exit_group resumed>) = ? [pid 2866] +++ exited with 0 +++ [pid 2869] <... futex resumed>) = ? [pid 2869] +++ exited with 0 +++ [pid 2865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2865, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./503/binderfs") = 0 umount2("./503/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./503/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./503/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./503/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./503") = 0 mkdir("./504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2870 ./strace-static-x86_64: Process 2870 attached [pid 2870] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2870] chdir("./504") = 0 [pid 2870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2870] setpgid(0, 0) = 0 [pid 2870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2870] write(3, "1000", 4) = 4 [pid 2870] close(3) = 0 [pid 2870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2870] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2870] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2870] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2871], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2871 [pid 2870] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2871 attached [pid 2871] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2871] memfd_create("syzkaller", 0) = 3 [pid 2871] ftruncate(3, 2097152) = 0 [pid 2871] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2871] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2871] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2871] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2871] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2871] mkdir("./file0", 0777) = 0 [pid 2871] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2871] ioctl(4, LOOP_CLR_FD) = 0 [pid 2871] close(4) = 0 [pid 2871] close(3) = 0 [pid 2871] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2870] <... futex resumed>) = 0 [pid 2870] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2871] <... futex resumed>) = 1 [pid 2871] chdir("./file0") = 0 [pid 2871] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2870] <... futex resumed>) = 0 [pid 2870] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2871] <... futex resumed>) = 1 [pid 2871] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2871] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2870] <... futex resumed>) = 0 [pid 2870] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2870] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2870] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2874], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2874 [pid 2870] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2870] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2871] <... futex resumed>) = 1 [pid 2871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2871] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2871] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2874 attached [pid 2874] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2874] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2874] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2870] <... futex resumed>) = 0 [pid 2870] exit_group(0 [pid 2871] <... futex resumed>) = ? [pid 2870] <... exit_group resumed>) = ? [pid 2871] +++ exited with 0 +++ [pid 2874] <... futex resumed>) = ? [pid 2874] +++ exited with 0 +++ [pid 2870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2870, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./504/binderfs") = 0 umount2("./504/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./504/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./504/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./504/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2875 ./strace-static-x86_64: Process 2875 attached [pid 2875] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2875] chdir("./505") = 0 [pid 2875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2875] setpgid(0, 0) = 0 [pid 2875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2875] write(3, "1000", 4) = 4 [pid 2875] close(3) = 0 [pid 2875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2875] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2875] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2875] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2876 attached , parent_tid=[2876], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2876 [pid 2875] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2876] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2876] memfd_create("syzkaller", 0) = 3 [pid 2876] ftruncate(3, 2097152) = 0 [pid 2876] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2876] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2876] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2876] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2876] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2876] mkdir("./file0", 0777) = 0 [pid 2876] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2876] ioctl(4, LOOP_CLR_FD) = 0 [pid 2876] close(4) = 0 [pid 2876] close(3) = 0 [pid 2876] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2875] <... futex resumed>) = 0 [pid 2875] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] chdir("./file0") = 0 [pid 2876] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2875] <... futex resumed>) = 0 [pid 2875] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2876] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2875] <... futex resumed>) = 0 [pid 2876] <... futex resumed>) = 1 [pid 2875] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2875] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2875] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2879 attached , parent_tid=[2879], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2879 [pid 2879] set_robust_list(0x7f697cdce9e0, 24 [pid 2875] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2879] <... set_robust_list resumed>) = 0 [pid 2875] <... futex resumed>) = 0 [pid 2879] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2875] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2879] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2879] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2875] <... futex resumed>) = 0 [pid 2879] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2876] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2876] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2876] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2875] exit_group(0) = ? [pid 2876] <... futex resumed>) = ? [pid 2876] +++ exited with 0 +++ [pid 2879] <... futex resumed>) = ? [pid 2879] +++ exited with 0 +++ [pid 2875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2875, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./505/binderfs") = 0 umount2("./505/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./505/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./505/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./505/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2880 ./strace-static-x86_64: Process 2880 attached [pid 2880] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2880] chdir("./506") = 0 [pid 2880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2880] setpgid(0, 0) = 0 [pid 2880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2880] write(3, "1000", 4) = 4 [pid 2880] close(3) = 0 [pid 2880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2880] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2880] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2880] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2881], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2881 [pid 2880] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2880] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2881 attached [pid 2881] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2881] memfd_create("syzkaller", 0) = 3 [pid 2881] ftruncate(3, 2097152) = 0 [pid 2881] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2881] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2881] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2881] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2881] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2881] mkdir("./file0", 0777) = 0 [pid 2881] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2881] ioctl(4, LOOP_CLR_FD) = 0 [pid 2881] close(4) = 0 [pid 2881] close(3) = 0 [pid 2881] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2880] <... futex resumed>) = 0 [pid 2880] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] chdir("./file0") = 0 [pid 2880] <... futex resumed>) = 0 [pid 2880] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2881] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2880] <... futex resumed>) = 0 [pid 2881] <... futex resumed>) = 1 [pid 2880] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2880] <... futex resumed>) = 0 [pid 2880] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2881] <... openat resumed>) = 3 [pid 2881] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2880] <... futex resumed>) = 0 [pid 2881] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2880] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2880] <... futex resumed>) = 0 [pid 2880] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2880] <... futex resumed>) = 0 [pid 2880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2880] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2880] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2884], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2884 [pid 2880] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2880] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2881] <... write resumed>) = 61 [pid 2881] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2881] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2884 attached [pid 2884] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2884] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2884] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2880] <... futex resumed>) = 0 [pid 2884] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2880] exit_group(0) = ? [pid 2884] <... futex resumed>) = ? [pid 2884] +++ exited with 0 +++ [pid 2881] <... futex resumed>) = ? [pid 2881] +++ exited with 0 +++ [pid 2880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2880, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./506/binderfs") = 0 umount2("./506/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./506/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./506/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./506/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2885 ./strace-static-x86_64: Process 2885 attached [pid 2885] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2885] chdir("./507") = 0 [pid 2885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2885] setpgid(0, 0) = 0 [pid 2885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2885] write(3, "1000", 4) = 4 [pid 2885] close(3) = 0 [pid 2885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2885] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2885] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2885] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2886 attached [pid 2886] set_robust_list(0x7f697cdef9e0, 24 [pid 2885] <... clone resumed>, parent_tid=[2886], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2886 [pid 2886] <... set_robust_list resumed>) = 0 [pid 2885] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2886] memfd_create("syzkaller", 0) = 3 [pid 2886] ftruncate(3, 2097152) = 0 [pid 2886] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2886] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2886] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2886] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2886] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2886] mkdir("./file0", 0777) = 0 [pid 2886] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2886] ioctl(4, LOOP_CLR_FD) = 0 [pid 2886] close(4) = 0 [pid 2886] close(3) = 0 [pid 2886] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2885] <... futex resumed>) = 0 [pid 2885] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] chdir("./file0") = 0 [pid 2886] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2885] <... futex resumed>) = 0 [pid 2885] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2886] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2885] <... futex resumed>) = 0 [pid 2885] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2885] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2885] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2889], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2889 [pid 2885] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2885] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2886] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2886] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2889 attached [pid 2889] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2889] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2889] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2885] <... futex resumed>) = 0 [pid 2885] exit_group(0) = ? [pid 2886] <... futex resumed>) = ? [pid 2886] +++ exited with 0 +++ [pid 2889] +++ exited with 0 +++ [pid 2885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2885, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./507/binderfs") = 0 umount2("./507/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./507/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./507/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./507/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2890 ./strace-static-x86_64: Process 2890 attached [pid 2890] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2890] chdir("./508") = 0 [pid 2890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2890] setpgid(0, 0) = 0 [pid 2890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2890] write(3, "1000", 4) = 4 [pid 2890] close(3) = 0 [pid 2890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2890] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2890] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2890] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2891], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2891 [pid 2890] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2891 attached [pid 2891] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2891] memfd_create("syzkaller", 0) = 3 [pid 2891] ftruncate(3, 2097152) = 0 [pid 2891] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2891] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2891] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2891] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2891] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2891] mkdir("./file0", 0777) = 0 [pid 2891] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2891] ioctl(4, LOOP_CLR_FD) = 0 [pid 2891] close(4) = 0 [pid 2891] close(3) = 0 [pid 2891] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2890] <... futex resumed>) = 0 [pid 2891] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2890] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2890] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2891] <... futex resumed>) = 0 [pid 2891] chdir("./file0") = 0 [pid 2891] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2890] <... futex resumed>) = 0 [pid 2891] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2890] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] <... openat resumed>) = 3 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2891] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2890] <... futex resumed>) = 0 [pid 2891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2890] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] <... write resumed>) = 61 [pid 2890] <... futex resumed>) = 0 [pid 2891] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] <... futex resumed>) = 0 [pid 2890] <... futex resumed>) = 0 [pid 2891] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2890] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2890] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2894], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2894 [pid 2890] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2894 attached [pid 2894] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2894] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2894] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2890] <... futex resumed>) = 0 [pid 2890] exit_group(0 [pid 2891] <... futex resumed>) = ? [pid 2890] <... exit_group resumed>) = ? [pid 2891] +++ exited with 0 +++ [pid 2894] +++ exited with 0 +++ [pid 2890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2890, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./508/binderfs") = 0 umount2("./508/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./508/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./508/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./508/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2895 ./strace-static-x86_64: Process 2895 attached [pid 2895] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2895] chdir("./509") = 0 [pid 2895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2895] setpgid(0, 0) = 0 [pid 2895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2895] write(3, "1000", 4) = 4 [pid 2895] close(3) = 0 [pid 2895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2895] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2895] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2895] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2896], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2896 [pid 2895] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2896 attached [pid 2896] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2896] memfd_create("syzkaller", 0) = 3 [pid 2896] ftruncate(3, 2097152) = 0 [pid 2896] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2896] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2896] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2896] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2896] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2896] mkdir("./file0", 0777) = 0 [pid 2896] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2896] ioctl(4, LOOP_CLR_FD) = 0 [pid 2896] close(4) = 0 [pid 2896] close(3) = 0 [pid 2896] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... futex resumed>) = 0 [pid 2895] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2896] <... futex resumed>) = 1 [pid 2896] chdir("./file0") = 0 [pid 2896] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... futex resumed>) = 0 [pid 2895] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2896] <... futex resumed>) = 1 [pid 2896] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2896] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... futex resumed>) = 0 [pid 2895] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2895] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2895] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2899], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2899 [pid 2895] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2895] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2896] <... futex resumed>) = 1 [pid 2896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2896] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2896] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2899 attached [pid 2899] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2899] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2899] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... futex resumed>) = 0 [pid 2895] exit_group(0) = ? [pid 2896] <... futex resumed>) = ? [pid 2896] +++ exited with 0 +++ [pid 2899] <... futex resumed>) = ? [pid 2899] +++ exited with 0 +++ [pid 2895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2895, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./509/binderfs") = 0 umount2("./509/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./509/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./509/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./509/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2900 ./strace-static-x86_64: Process 2900 attached [pid 2900] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2900] chdir("./510") = 0 [pid 2900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2900] setpgid(0, 0) = 0 [pid 2900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2900] write(3, "1000", 4) = 4 [pid 2900] close(3) = 0 [pid 2900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2900] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2900] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2900] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2901], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2901 [pid 2900] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2901 attached [pid 2901] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2901] memfd_create("syzkaller", 0) = 3 [pid 2901] ftruncate(3, 2097152) = 0 [pid 2901] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2901] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2901] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2901] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2901] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2901] mkdir("./file0", 0777) = 0 [pid 2901] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2901] ioctl(4, LOOP_CLR_FD) = 0 [pid 2901] close(4) = 0 [pid 2901] close(3) = 0 [pid 2901] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2900] <... futex resumed>) = 0 [pid 2901] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2900] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2901] chdir("./file0" [pid 2900] <... futex resumed>) = 0 [pid 2901] <... chdir resumed>) = 0 [pid 2901] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2901] <... futex resumed>) = 0 [pid 2901] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2900] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2900] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2901] <... futex resumed>) = 0 [pid 2901] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2901] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] <... futex resumed>) = 0 [pid 2900] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2900] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2900] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2904], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2904 [pid 2900] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2900] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2901] <... futex resumed>) = 1 ./strace-static-x86_64: Process 2904 attached [pid 2901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2904] set_robust_list(0x7f697cdce9e0, 24 [pid 2901] <... write resumed>) = 61 [pid 2901] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2901] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2904] <... set_robust_list resumed>) = 0 [pid 2904] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2904] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2900] <... futex resumed>) = 0 [pid 2900] exit_group(0) = ? [pid 2901] <... futex resumed>) = ? [pid 2901] +++ exited with 0 +++ [pid 2904] <... futex resumed>) = ? [pid 2904] +++ exited with 0 +++ [pid 2900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2900, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./510/binderfs") = 0 umount2("./510/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./510/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./510/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./510/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2905 ./strace-static-x86_64: Process 2905 attached [pid 2905] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2905] chdir("./511") = 0 [pid 2905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2905] setpgid(0, 0) = 0 [pid 2905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2905] write(3, "1000", 4) = 4 [pid 2905] close(3) = 0 [pid 2905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2905] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2905] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2905] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2906], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2906 [pid 2905] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2906 attached ) = 0 [pid 2905] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2906] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2906] memfd_create("syzkaller", 0) = 3 [pid 2906] ftruncate(3, 2097152) = 0 [pid 2906] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2906] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2906] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2906] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2906] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2906] mkdir("./file0", 0777) = 0 [pid 2906] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2906] ioctl(4, LOOP_CLR_FD) = 0 [pid 2906] close(4) = 0 [pid 2906] close(3) = 0 [pid 2906] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2906] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] <... futex resumed>) = 0 [pid 2905] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2906] <... futex resumed>) = 0 [pid 2906] chdir("./file0") = 0 [pid 2905] <... futex resumed>) = 1 [pid 2906] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2905] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2906] <... futex resumed>) = 0 [pid 2905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2906] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2905] <... futex resumed>) = 0 [pid 2906] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2905] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2906] <... openat resumed>) = 3 [pid 2906] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2905] <... futex resumed>) = 0 [pid 2906] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2905] <... futex resumed>) = 0 [pid 2906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2905] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2906] <... write resumed>) = 61 [pid 2905] <... futex resumed>) = 0 [pid 2906] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2906] <... futex resumed>) = 0 [pid 2905] <... mmap resumed>) = 0x7f697cdae000 [pid 2906] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2905] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2909 attached [pid 2909] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2909] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] <... clone resumed>, parent_tid=[2909], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2909 [pid 2905] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2909] <... futex resumed>) = 0 [pid 2909] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2905] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2909] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2909] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2905] <... futex resumed>) = 0 [pid 2909] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] exit_group(0) = ? [pid 2906] <... futex resumed>) = ? [pid 2906] +++ exited with 0 +++ [pid 2909] <... futex resumed>) = ? [pid 2909] +++ exited with 0 +++ [pid 2905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2905, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./511/binderfs") = 0 umount2("./511/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./511/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./511/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./511/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2910 ./strace-static-x86_64: Process 2910 attached [pid 2910] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2910] chdir("./512") = 0 [pid 2910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2910] setpgid(0, 0) = 0 [pid 2910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2910] write(3, "1000", 4) = 4 [pid 2910] close(3) = 0 [pid 2910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2910] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2910] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2910] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2911], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2911 ./strace-static-x86_64: Process 2911 attached [pid 2911] set_robust_list(0x7f697cdef9e0, 24 [pid 2910] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2911] <... set_robust_list resumed>) = 0 [pid 2910] <... futex resumed>) = 0 [pid 2911] memfd_create("syzkaller", 0 [pid 2910] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2911] <... memfd_create resumed>) = 3 [pid 2911] ftruncate(3, 2097152) = 0 [pid 2911] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2911] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2911] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2911] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2911] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2911] mkdir("./file0", 0777) = 0 [pid 2911] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2911] ioctl(4, LOOP_CLR_FD) = 0 [pid 2911] close(4) = 0 [pid 2911] close(3) = 0 [pid 2911] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2910] <... futex resumed>) = 0 [pid 2910] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2910] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2911] chdir("./file0") = 0 [pid 2911] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2910] <... futex resumed>) = 0 [pid 2911] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2910] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2910] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2911] <... openat resumed>) = 3 [pid 2911] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2910] <... futex resumed>) = 0 [pid 2911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2910] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2910] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2911] <... write resumed>) = 61 [pid 2910] <... futex resumed>) = 0 [pid 2910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2911] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2910] <... mmap resumed>) = 0x7f697cdae000 [pid 2910] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2911] <... futex resumed>) = 0 [pid 2910] <... mprotect resumed>) = 0 [pid 2910] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2911] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2914 attached [pid 2914] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2914] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2910] <... clone resumed>, parent_tid=[2914], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2914 [pid 2910] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2914] <... futex resumed>) = 0 [pid 2910] <... futex resumed>) = 1 [pid 2914] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2910] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2914] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2914] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2910] <... futex resumed>) = 0 [pid 2914] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2910] exit_group(0) = ? [pid 2914] <... futex resumed>) = ? [pid 2911] <... futex resumed>) = ? [pid 2914] +++ exited with 0 +++ [pid 2911] +++ exited with 0 +++ [pid 2910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2910, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./512/binderfs") = 0 umount2("./512/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./512/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./512/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./512/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2915 ./strace-static-x86_64: Process 2915 attached [pid 2915] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2915] chdir("./513") = 0 [pid 2915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2915] setpgid(0, 0) = 0 [pid 2915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2915] write(3, "1000", 4) = 4 [pid 2915] close(3) = 0 [pid 2915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2915] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2915] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2915] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2916], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2916 [pid 2915] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2916 attached [pid 2916] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2916] memfd_create("syzkaller", 0) = 3 [pid 2916] ftruncate(3, 2097152) = 0 [pid 2916] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2916] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2916] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2916] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2916] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2916] mkdir("./file0", 0777) = 0 [pid 2916] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2916] ioctl(4, LOOP_CLR_FD) = 0 [pid 2916] close(4) = 0 [pid 2916] close(3) = 0 [pid 2916] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2915] <... futex resumed>) = 0 [pid 2915] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2916] <... futex resumed>) = 1 [pid 2916] chdir("./file0") = 0 [pid 2916] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2915] <... futex resumed>) = 0 [pid 2915] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2916] <... futex resumed>) = 1 [pid 2916] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2916] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2915] <... futex resumed>) = 0 [pid 2915] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2915] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2915] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2919], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2919 [pid 2915] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2915] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2916] <... futex resumed>) = 1 [pid 2916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2916] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2916] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2919 attached [pid 2919] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2919] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2919] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2915] <... futex resumed>) = 0 [pid 2915] exit_group(0 [pid 2916] <... futex resumed>) = ? [pid 2915] <... exit_group resumed>) = ? [pid 2916] +++ exited with 0 +++ [pid 2919] <... futex resumed>) = ? [pid 2919] +++ exited with 0 +++ [pid 2915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2915, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./513/binderfs") = 0 umount2("./513/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./513/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./513/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./513/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2920 ./strace-static-x86_64: Process 2920 attached [pid 2920] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2920] chdir("./514") = 0 [pid 2920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2920] setpgid(0, 0) = 0 [pid 2920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2920] write(3, "1000", 4) = 4 [pid 2920] close(3) = 0 [pid 2920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2920] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2920] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2920] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2921], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2921 [pid 2920] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2921 attached [pid 2921] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2921] memfd_create("syzkaller", 0) = 3 [pid 2921] ftruncate(3, 2097152) = 0 [pid 2921] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2921] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2921] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2921] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2921] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2921] mkdir("./file0", 0777) = 0 [pid 2921] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2921] ioctl(4, LOOP_CLR_FD) = 0 [pid 2921] close(4) = 0 [pid 2921] close(3) = 0 [pid 2921] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2920] <... futex resumed>) = 0 [pid 2920] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2921] chdir("./file0" [pid 2920] <... futex resumed>) = 0 [pid 2921] <... chdir resumed>) = 0 [pid 2920] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2921] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2920] <... futex resumed>) = 0 [pid 2920] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2921] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2921] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2920] <... futex resumed>) = 0 [pid 2920] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2920] <... mmap resumed>) = 0x7f697cdae000 [pid 2921] <... write resumed>) = 61 [pid 2920] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2921] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... mprotect resumed>) = 0 [pid 2921] <... futex resumed>) = 0 [pid 2920] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2921] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2920] <... clone resumed>, parent_tid=[2924], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2924 [pid 2920] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2920] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2924 attached [pid 2924] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2924] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2924] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... futex resumed>) = 0 [pid 2920] exit_group(0 [pid 2921] <... futex resumed>) = ? [pid 2920] <... exit_group resumed>) = ? [pid 2921] +++ exited with 0 +++ [pid 2924] <... futex resumed>) = ? [pid 2924] +++ exited with 0 +++ [pid 2920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2920, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./514/binderfs") = 0 umount2("./514/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./514/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./514/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./514/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2925 ./strace-static-x86_64: Process 2925 attached [pid 2925] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2925] chdir("./515") = 0 [pid 2925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2925] setpgid(0, 0) = 0 [pid 2925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2925] write(3, "1000", 4) = 4 [pid 2925] close(3) = 0 [pid 2925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2925] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2925] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2925] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2926], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2926 [pid 2925] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2926 attached [pid 2926] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2926] memfd_create("syzkaller", 0) = 3 [pid 2926] ftruncate(3, 2097152) = 0 [pid 2926] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2926] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2926] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2926] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2926] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2926] mkdir("./file0", 0777) = 0 [pid 2926] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2926] ioctl(4, LOOP_CLR_FD) = 0 [pid 2926] close(4) = 0 [pid 2926] close(3) = 0 [pid 2926] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2925] <... futex resumed>) = 0 [pid 2925] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2926] chdir("./file0" [pid 2925] <... futex resumed>) = 0 [pid 2926] <... chdir resumed>) = 0 [pid 2926] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2925] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2925] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2926] <... futex resumed>) = 0 [pid 2926] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2926] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] <... futex resumed>) = 0 [pid 2925] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2925] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2925] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2929], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2929 [pid 2925] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2926] <... futex resumed>) = 1 [pid 2926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2926] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2929 attached [pid 2929] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2929] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2929] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] <... futex resumed>) = 0 [pid 2925] exit_group(0 [pid 2926] <... futex resumed>) = ? [pid 2925] <... exit_group resumed>) = ? [pid 2926] +++ exited with 0 +++ [pid 2929] <... futex resumed>) = ? [pid 2929] +++ exited with 0 +++ [pid 2925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2925, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./515/binderfs") = 0 umount2("./515/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./515/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./515/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./515/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2930 ./strace-static-x86_64: Process 2930 attached [pid 2930] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2930] chdir("./516") = 0 [pid 2930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2930] setpgid(0, 0) = 0 [pid 2930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2930] write(3, "1000", 4) = 4 [pid 2930] close(3) = 0 [pid 2930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2930] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2930] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2930] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2931 attached , parent_tid=[2931], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2931 [pid 2930] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2931] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2931] memfd_create("syzkaller", 0) = 3 [pid 2931] ftruncate(3, 2097152) = 0 [pid 2931] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2931] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2931] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2931] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2931] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2931] mkdir("./file0", 0777) = 0 [pid 2931] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2931] ioctl(4, LOOP_CLR_FD) = 0 [pid 2931] close(4) = 0 [pid 2931] close(3) = 0 [pid 2931] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2930] <... futex resumed>) = 0 [pid 2930] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2931] <... futex resumed>) = 1 [pid 2931] chdir("./file0") = 0 [pid 2931] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2930] <... futex resumed>) = 0 [pid 2930] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2931] <... futex resumed>) = 1 [pid 2931] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2931] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2930] <... futex resumed>) = 0 [pid 2930] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2930] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2930] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2934], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2934 [pid 2930] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2930] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2931] <... futex resumed>) = 1 [pid 2931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2931] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2934 attached [pid 2934] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2934] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2934] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2930] <... futex resumed>) = 0 [pid 2930] exit_group(0) = ? [pid 2931] <... futex resumed>) = ? [pid 2931] +++ exited with 0 +++ [pid 2934] <... futex resumed>) = ? [pid 2934] +++ exited with 0 +++ [pid 2930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2930, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./516/binderfs") = 0 umount2("./516/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./516/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./516/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2935 ./strace-static-x86_64: Process 2935 attached [pid 2935] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2935] chdir("./517") = 0 [pid 2935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2935] setpgid(0, 0) = 0 [pid 2935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2935] write(3, "1000", 4) = 4 [pid 2935] close(3) = 0 [pid 2935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2935] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2935] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2935] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2936 attached , parent_tid=[2936], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2936 [pid 2935] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2936] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2936] memfd_create("syzkaller", 0) = 3 [pid 2936] ftruncate(3, 2097152) = 0 [pid 2936] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2936] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2936] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2936] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2936] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2936] mkdir("./file0", 0777) = 0 [pid 2936] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2936] ioctl(4, LOOP_CLR_FD) = 0 [pid 2936] close(4) = 0 [pid 2936] close(3) = 0 [pid 2936] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2935] <... futex resumed>) = 0 [pid 2935] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2935] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2936] <... futex resumed>) = 0 [pid 2936] chdir("./file0") = 0 [pid 2936] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] <... futex resumed>) = 0 [pid 2935] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2936] <... futex resumed>) = 1 [pid 2936] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2936] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] <... futex resumed>) = 0 [pid 2935] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2935] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2935] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2939], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2939 [pid 2935] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2936] <... futex resumed>) = 1 ./strace-static-x86_64: Process 2939 attached [pid 2939] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2939] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2939] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2939] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2935] <... futex resumed>) = 0 [pid 2939] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2936] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2936] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2935] exit_group(0) = ? [pid 2936] <... futex resumed>) = ? [pid 2936] +++ exited with 0 +++ [pid 2939] <... futex resumed>) = ? [pid 2939] +++ exited with 0 +++ [pid 2935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2935, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./517/binderfs") = 0 umount2("./517/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./517/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./517/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./517/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2940 ./strace-static-x86_64: Process 2940 attached [pid 2940] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2940] chdir("./518") = 0 [pid 2940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2940] setpgid(0, 0) = 0 [pid 2940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2940] write(3, "1000", 4) = 4 [pid 2940] close(3) = 0 [pid 2940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2940] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2940] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2940] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2941], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2941 [pid 2940] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2941 attached [pid 2941] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2941] memfd_create("syzkaller", 0) = 3 [pid 2941] ftruncate(3, 2097152) = 0 [pid 2941] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2941] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2941] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2941] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2941] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2941] mkdir("./file0", 0777) = 0 [pid 2941] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2941] ioctl(4, LOOP_CLR_FD) = 0 [pid 2941] close(4) = 0 [pid 2941] close(3) = 0 [pid 2941] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2941] chdir("./file0") = 0 [pid 2941] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2941] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2941] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2940] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2941] <... write resumed>) = 61 [pid 2940] <... mprotect resumed>) = 0 [pid 2941] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2940] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2944 attached [pid 2941] <... futex resumed>) = 0 [pid 2940] <... clone resumed>, parent_tid=[2944], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2944 [pid 2944] set_robust_list(0x7f697cdce9e0, 24 [pid 2941] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2940] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2944] <... set_robust_list resumed>) = 0 [pid 2940] <... futex resumed>) = 0 [pid 2940] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2944] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2944] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2940] <... futex resumed>) = 0 [pid 2944] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2940] exit_group(0) = ? [pid 2941] <... futex resumed>) = ? [pid 2944] <... futex resumed>) = ? [pid 2944] +++ exited with 0 +++ [pid 2941] +++ exited with 0 +++ [pid 2940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2940, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./518/binderfs") = 0 umount2("./518/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./518/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./518/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./518/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2945 ./strace-static-x86_64: Process 2945 attached [pid 2945] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2945] chdir("./519") = 0 [pid 2945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2945] setpgid(0, 0) = 0 [pid 2945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2945] write(3, "1000", 4) = 4 [pid 2945] close(3) = 0 [pid 2945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2945] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2945] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2945] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2946], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2946 ./strace-static-x86_64: Process 2946 attached [pid 2946] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2946] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2945] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2945] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2946] memfd_create("syzkaller", 0) = 3 [pid 2946] ftruncate(3, 2097152) = 0 [pid 2946] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2946] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2946] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2946] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2946] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2946] mkdir("./file0", 0777) = 0 [pid 2946] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2946] ioctl(4, LOOP_CLR_FD) = 0 [pid 2946] close(4) = 0 [pid 2946] close(3) = 0 [pid 2946] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] <... futex resumed>) = 0 [pid 2946] chdir("./file0" [pid 2945] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2946] <... chdir resumed>) = 0 [pid 2945] <... futex resumed>) = 0 [pid 2946] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2945] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2946] <... futex resumed>) = 0 [pid 2945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2945] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2946] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2945] <... futex resumed>) = 0 [pid 2945] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2946] <... openat resumed>) = 3 [pid 2946] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] <... futex resumed>) = 0 [pid 2946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2945] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2946] <... write resumed>) = 61 [pid 2945] <... futex resumed>) = 0 [pid 2946] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2945] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2946] <... futex resumed>) = 0 [pid 2945] <... futex resumed>) = 0 [pid 2946] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2945] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2945] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2949 attached , parent_tid=[2949], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2949 [pid 2949] set_robust_list(0x7f697cdce9e0, 24 [pid 2945] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2949] <... set_robust_list resumed>) = 0 [pid 2945] <... futex resumed>) = 0 [pid 2949] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2945] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2949] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2949] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] <... futex resumed>) = 0 [pid 2949] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2945] exit_group(0) = ? [pid 2949] <... futex resumed>) = ? [pid 2949] +++ exited with 0 +++ [pid 2946] <... futex resumed>) = ? [pid 2946] +++ exited with 0 +++ [pid 2945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2945, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./519/binderfs") = 0 umount2("./519/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./519/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./519/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./519/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2950 ./strace-static-x86_64: Process 2950 attached [pid 2950] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2950] chdir("./520") = 0 [pid 2950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2950] setpgid(0, 0) = 0 [pid 2950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2950] write(3, "1000", 4) = 4 [pid 2950] close(3) = 0 [pid 2950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2950] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2950] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2950] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2951], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2951 ./strace-static-x86_64: Process 2951 attached [pid 2950] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2951] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2951] memfd_create("syzkaller", 0) = 3 [pid 2951] ftruncate(3, 2097152) = 0 [pid 2951] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2951] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2951] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2951] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2951] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2951] ioctl(4, LOOP_SET_FD, 3 [pid 2950] <... futex resumed>) = 0 [pid 2951] <... ioctl resumed>) = 0 [pid 2951] mkdir("./file0", 0777) = 0 [pid 2951] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 2950] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2951] <... mount resumed>) = 0 [pid 2951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2951] ioctl(4, LOOP_CLR_FD) = 0 [pid 2951] close(4) = 0 [pid 2951] close(3) = 0 [pid 2951] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2950] <... futex resumed>) = 0 [pid 2950] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2950] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2951] chdir("./file0") = 0 [pid 2951] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2950] <... futex resumed>) = 0 [pid 2950] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2950] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2951] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2951] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2950] <... futex resumed>) = 0 [pid 2950] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2950] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2950] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2950] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2950] <... clone resumed>, parent_tid=[2954], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2954 [pid 2950] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2950] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2954 attached [pid 2954] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2954] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2951] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 2954] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2951] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2950] <... futex resumed>) = 0 [pid 2950] exit_group(0) = ? [pid 2954] <... futex resumed>) = ? [pid 2951] <... futex resumed>) = ? [pid 2951] +++ exited with 0 +++ [pid 2954] +++ exited with 0 +++ [pid 2950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2950, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./520/binderfs") = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2955 ./strace-static-x86_64: Process 2955 attached [pid 2955] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2955] chdir("./521") = 0 [pid 2955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2955] setpgid(0, 0) = 0 [pid 2955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2955] write(3, "1000", 4) = 4 [pid 2955] close(3) = 0 [pid 2955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2955] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2955] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2955] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2956 attached [pid 2956] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2956] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2955] <... clone resumed>, parent_tid=[2956], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2956 [pid 2955] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2956] <... futex resumed>) = 0 [pid 2956] memfd_create("syzkaller", 0 [pid 2955] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2956] <... memfd_create resumed>) = 3 [pid 2956] ftruncate(3, 2097152) = 0 [pid 2956] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2956] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2956] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2956] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2956] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2956] mkdir("./file0", 0777) = 0 [pid 2956] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2956] ioctl(4, LOOP_CLR_FD) = 0 [pid 2956] close(4) = 0 [pid 2956] close(3) = 0 [pid 2956] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2955] <... futex resumed>) = 0 [pid 2956] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2955] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2956] <... futex resumed>) = 0 [pid 2955] <... futex resumed>) = 1 [pid 2956] chdir("./file0" [pid 2955] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2956] <... chdir resumed>) = 0 [pid 2956] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2955] <... futex resumed>) = 0 [pid 2956] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2955] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2956] <... openat resumed>) = 3 [pid 2955] <... futex resumed>) = 0 [pid 2956] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2955] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2956] <... futex resumed>) = 0 [pid 2955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2955] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2956] <... write resumed>) = 61 [pid 2955] <... futex resumed>) = 0 [pid 2956] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2955] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2956] <... futex resumed>) = 0 [pid 2955] <... futex resumed>) = 0 [pid 2956] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2955] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2955] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2959], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2959 [pid 2955] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2955] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2959 attached [pid 2959] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2959] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2959] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2955] <... futex resumed>) = 0 [pid 2955] exit_group(0 [pid 2956] <... futex resumed>) = ? [pid 2955] <... exit_group resumed>) = ? [pid 2956] +++ exited with 0 +++ [pid 2959] <... futex resumed>) = ? [pid 2959] +++ exited with 0 +++ [pid 2955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2955, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./521/binderfs") = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2960 ./strace-static-x86_64: Process 2960 attached [pid 2960] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2960] chdir("./522") = 0 [pid 2960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2960] setpgid(0, 0) = 0 [pid 2960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2960] write(3, "1000", 4) = 4 [pid 2960] close(3) = 0 [pid 2960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2960] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2960] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2960] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2961], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2961 [pid 2960] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2960] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2961 attached [pid 2961] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2961] memfd_create("syzkaller", 0) = 3 [pid 2961] ftruncate(3, 2097152) = 0 [pid 2961] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2961] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2961] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2961] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2961] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2961] mkdir("./file0", 0777) = 0 [pid 2961] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2961] ioctl(4, LOOP_CLR_FD) = 0 [pid 2961] close(4) = 0 [pid 2961] close(3) = 0 [pid 2961] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2960] <... futex resumed>) = 0 [pid 2961] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2960] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2960] <... futex resumed>) = 0 [pid 2961] chdir("./file0" [pid 2960] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2961] <... chdir resumed>) = 0 [pid 2961] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2960] <... futex resumed>) = 0 [pid 2961] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2960] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... openat resumed>) = 3 [pid 2960] <... futex resumed>) = 0 [pid 2961] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2960] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2961] <... futex resumed>) = 0 [pid 2961] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2960] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2960] <... futex resumed>) = 1 [pid 2961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2961] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2960] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2960] <... futex resumed>) = 1 [pid 2961] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 2960] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2961] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 2961] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2960] <... futex resumed>) = 0 [pid 2960] exit_group(0) = ? [pid 2961] +++ exited with 0 +++ [pid 2960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2960, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./522/binderfs") = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2964 ./strace-static-x86_64: Process 2964 attached [pid 2964] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2964] chdir("./523") = 0 [pid 2964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2964] setpgid(0, 0) = 0 [pid 2964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2964] write(3, "1000", 4) = 4 [pid 2964] close(3) = 0 [pid 2964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2964] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2964] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2964] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2965 attached , parent_tid=[2965], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2965 [pid 2965] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2965] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2964] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2965] <... futex resumed>) = 0 [pid 2965] memfd_create("syzkaller", 0 [pid 2964] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2965] <... memfd_create resumed>) = 3 [pid 2965] ftruncate(3, 2097152) = 0 [pid 2965] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2965] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2965] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2965] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2965] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2965] mkdir("./file0", 0777) = 0 [pid 2965] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2965] ioctl(4, LOOP_CLR_FD) = 0 [pid 2965] close(4) = 0 [pid 2965] close(3) = 0 [pid 2965] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2965] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2964] <... futex resumed>) = 0 [pid 2964] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2965] <... futex resumed>) = 0 [pid 2965] chdir("./file0") = 0 [pid 2965] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2965] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2964] <... futex resumed>) = 1 [pid 2964] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2964] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2965] <... futex resumed>) = 0 [pid 2965] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2965] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2965] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2964] <... futex resumed>) = 1 [pid 2964] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2964] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2965] <... futex resumed>) = 0 [pid 2965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2965] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2965] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2964] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2965] <... futex resumed>) = 0 [pid 2965] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2965] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2965] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2964] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2964] exit_group(0) = ? [pid 2965] <... futex resumed>) = ? [pid 2965] +++ exited with 0 +++ [pid 2964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2964, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./523/binderfs") = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2968 ./strace-static-x86_64: Process 2968 attached [pid 2968] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2968] chdir("./524") = 0 [pid 2968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2968] setpgid(0, 0) = 0 [pid 2968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2968] write(3, "1000", 4) = 4 [pid 2968] close(3) = 0 [pid 2968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2968] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2968] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2968] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2969], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2969 [pid 2968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2969 attached [pid 2969] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2969] memfd_create("syzkaller", 0) = 3 [pid 2969] ftruncate(3, 2097152) = 0 [pid 2969] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2969] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2969] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2969] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2969] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2969] mkdir("./file0", 0777) = 0 [pid 2969] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2969] ioctl(4, LOOP_CLR_FD) = 0 [pid 2969] close(4) = 0 [pid 2969] close(3) = 0 [pid 2969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... futex resumed>) = 0 [pid 2968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2969] <... futex resumed>) = 1 [pid 2969] chdir("./file0") = 0 [pid 2969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... futex resumed>) = 0 [pid 2968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2969] <... futex resumed>) = 1 [pid 2969] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... futex resumed>) = 0 [pid 2968] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2968] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2968] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2972], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2972 [pid 2968] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2969] <... futex resumed>) = 1 [pid 2969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2969] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2969] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2972 attached [pid 2972] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2972] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2972] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... futex resumed>) = 0 [pid 2968] exit_group(0 [pid 2969] <... futex resumed>) = ? [pid 2968] <... exit_group resumed>) = ? [pid 2969] +++ exited with 0 +++ [pid 2972] <... futex resumed>) = ? [pid 2972] +++ exited with 0 +++ [pid 2968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2968, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./524/binderfs") = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2973 ./strace-static-x86_64: Process 2973 attached [pid 2973] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2973] chdir("./525") = 0 [pid 2973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2973] setpgid(0, 0) = 0 [pid 2973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2973] write(3, "1000", 4) = 4 [pid 2973] close(3) = 0 [pid 2973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2973] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2973] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2973] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2974], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2974 [pid 2973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2974 attached ) = 0 [pid 2973] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2974] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2974] memfd_create("syzkaller", 0) = 3 [pid 2974] ftruncate(3, 2097152) = 0 [pid 2974] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2974] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2974] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2974] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2974] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2974] mkdir("./file0", 0777) = 0 [pid 2974] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2974] ioctl(4, LOOP_CLR_FD) = 0 [pid 2974] close(4) = 0 [pid 2974] close(3) = 0 [pid 2974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2974] <... futex resumed>) = 1 [pid 2974] chdir("./file0") = 0 [pid 2974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2974] <... futex resumed>) = 1 [pid 2974] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2973] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2973] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2977], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2977 ./strace-static-x86_64: Process 2977 attached [pid 2973] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2973] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2974] <... futex resumed>) = 1 [pid 2974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2974] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2974] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2977] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2977] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2977] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2973] <... futex resumed>) = 0 [pid 2973] exit_group(0) = ? [pid 2974] <... futex resumed>) = ? [pid 2974] +++ exited with 0 +++ [pid 2977] <... futex resumed>) = ? [pid 2977] +++ exited with 0 +++ [pid 2973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2973, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./525/binderfs") = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2978 ./strace-static-x86_64: Process 2978 attached [pid 2978] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2978] chdir("./526") = 0 [pid 2978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2978] setpgid(0, 0) = 0 [pid 2978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2978] write(3, "1000", 4) = 4 [pid 2978] close(3) = 0 [pid 2978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2978] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2978] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2978] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2979], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2979 [pid 2978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2979 attached [pid 2978] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2979] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2979] memfd_create("syzkaller", 0) = 3 [pid 2979] ftruncate(3, 2097152) = 0 [pid 2979] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2979] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2979] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2979] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2979] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2979] mkdir("./file0", 0777) = 0 [pid 2979] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2979] ioctl(4, LOOP_CLR_FD) = 0 [pid 2979] close(4) = 0 [pid 2979] close(3) = 0 [pid 2979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2979] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2978] <... futex resumed>) = 0 [pid 2978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2979] <... futex resumed>) = 0 [pid 2979] chdir("./file0") = 0 [pid 2979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2978] <... futex resumed>) = 1 [pid 2978] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2979] <... futex resumed>) = 0 [pid 2979] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2978] <... futex resumed>) = 1 [pid 2979] <... openat resumed>) = 3 [pid 2978] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2978] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2979] <... futex resumed>) = 0 [pid 2979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 2978] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2979] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2979] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2978] <... futex resumed>) = 0 [pid 2978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2978] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2978] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2982 attached , parent_tid=[2982], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2982 [pid 2978] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2978] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2982] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2982] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2982] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2978] <... futex resumed>) = 0 [pid 2978] exit_group(0 [pid 2979] <... futex resumed>) = ? [pid 2978] <... exit_group resumed>) = ? [pid 2979] +++ exited with 0 +++ [pid 2982] +++ exited with 0 +++ [pid 2978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2978, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./526/binderfs") = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2983 ./strace-static-x86_64: Process 2983 attached [pid 2983] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2983] chdir("./527") = 0 [pid 2983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2983] setpgid(0, 0) = 0 [pid 2983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2983] write(3, "1000", 4) = 4 [pid 2983] close(3) = 0 [pid 2983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2983] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2983] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2983] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2984], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2984 [pid 2983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2984 attached [pid 2984] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2984] memfd_create("syzkaller", 0) = 3 [pid 2984] ftruncate(3, 2097152) = 0 [pid 2984] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2984] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2984] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2984] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2984] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2984] mkdir("./file0", 0777) = 0 [pid 2984] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2984] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2984] ioctl(4, LOOP_CLR_FD) = 0 [pid 2984] close(4) = 0 [pid 2984] close(3) = 0 [pid 2984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2983] <... futex resumed>) = 0 [pid 2983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2984] <... futex resumed>) = 1 [pid 2984] chdir("./file0") = 0 [pid 2984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2983] <... futex resumed>) = 0 [pid 2983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2984] <... futex resumed>) = 1 [pid 2984] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2983] <... futex resumed>) = 0 [pid 2983] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2983] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2983] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2987], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2987 ./strace-static-x86_64: Process 2987 attached [pid 2983] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2983] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] set_robust_list(0x7f697cdce9e0, 24 [pid 2984] <... futex resumed>) = 1 [pid 2984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2987] <... set_robust_list resumed>) = 0 [pid 2984] <... write resumed>) = 61 [pid 2984] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2984] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2987] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2983] <... futex resumed>) = 0 [pid 2983] exit_group(0) = ? [pid 2984] <... futex resumed>) = ? [pid 2984] +++ exited with 0 +++ [pid 2987] <... futex resumed>) = ? [pid 2987] +++ exited with 0 +++ [pid 2983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2983, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./527/binderfs") = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2988 ./strace-static-x86_64: Process 2988 attached [pid 2988] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2988] chdir("./528") = 0 [pid 2988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2988] setpgid(0, 0) = 0 [pid 2988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2988] write(3, "1000", 4) = 4 [pid 2988] close(3) = 0 [pid 2988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2988] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2988] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2988] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2989], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2989 [pid 2988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2989 attached [pid 2989] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2989] memfd_create("syzkaller", 0) = 3 [pid 2989] ftruncate(3, 2097152) = 0 [pid 2989] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2989] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2989] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2989] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2989] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2989] mkdir("./file0", 0777) = 0 [pid 2989] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2989] ioctl(4, LOOP_CLR_FD) = 0 [pid 2989] close(4) = 0 [pid 2989] close(3) = 0 [pid 2989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2989] chdir("./file0" [pid 2988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2989] <... chdir resumed>) = 0 [pid 2988] <... futex resumed>) = 0 [pid 2989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2989] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2988] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2989] <... futex resumed>) = 0 [pid 2988] <... futex resumed>) = 1 [pid 2989] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2988] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2989] <... openat resumed>) = 3 [pid 2989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2988] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2989] <... write resumed>) = 61 [pid 2988] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2989] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 2989] <... futex resumed>) = 0 [pid 2988] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2989] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2988] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2992], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2992 [pid 2988] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2988] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2992 attached [pid 2992] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2992] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2992] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2988] <... futex resumed>) = 0 [pid 2988] exit_group(0 [pid 2989] <... futex resumed>) = ? [pid 2988] <... exit_group resumed>) = ? [pid 2989] +++ exited with 0 +++ [pid 2992] <... futex resumed>) = ? [pid 2992] +++ exited with 0 +++ [pid 2988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2988, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./528/binderfs") = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2993 ./strace-static-x86_64: Process 2993 attached [pid 2993] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2993] chdir("./529") = 0 [pid 2993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2993] setpgid(0, 0) = 0 [pid 2993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2993] write(3, "1000", 4) = 4 [pid 2993] close(3) = 0 [pid 2993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2993] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2993] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2993] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2994], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2994 [pid 2993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2993] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2994 attached [pid 2994] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2994] memfd_create("syzkaller", 0) = 3 [pid 2994] ftruncate(3, 2097152) = 0 [pid 2994] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2994] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2994] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2994] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2994] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2994] mkdir("./file0", 0777) = 0 [pid 2994] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2994] ioctl(4, LOOP_CLR_FD) = 0 [pid 2994] close(4) = 0 [pid 2994] close(3) = 0 [pid 2994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2993] <... futex resumed>) = 0 [pid 2994] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2993] <... futex resumed>) = 0 [pid 2994] chdir("./file0" [pid 2993] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2994] <... chdir resumed>) = 0 [pid 2994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2993] <... futex resumed>) = 0 [pid 2994] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2993] <... futex resumed>) = 0 [pid 2994] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2993] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2994] <... openat resumed>) = 3 [pid 2994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2993] <... futex resumed>) = 0 [pid 2994] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2993] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2993] <... futex resumed>) = 0 [pid 2994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2993] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] <... write resumed>) = 61 [pid 2993] <... futex resumed>) = 0 [pid 2994] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2994] <... futex resumed>) = 0 [pid 2993] <... mmap resumed>) = 0x7f697cdae000 [pid 2993] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2993] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2997], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 2997 [pid 2993] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2993] <... futex resumed>) = 0 [pid 2993] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2997 attached [pid 2997] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 2997] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 2997] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2993] <... futex resumed>) = 0 [pid 2993] exit_group(0 [pid 2994] <... futex resumed>) = ? [pid 2993] <... exit_group resumed>) = ? [pid 2994] +++ exited with 0 +++ [pid 2997] <... futex resumed>) = ? [pid 2997] +++ exited with 0 +++ [pid 2993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2993, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./529/binderfs") = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 2998 ./strace-static-x86_64: Process 2998 attached [pid 2998] set_robust_list(0x555555cf25e0, 24) = 0 [pid 2998] chdir("./530") = 0 [pid 2998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2998] setpgid(0, 0) = 0 [pid 2998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2998] write(3, "1000", 4) = 4 [pid 2998] close(3) = 0 [pid 2998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2998] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 2998] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2998] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2999], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 2999 [pid 2998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2999 attached [pid 2999] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 2999] memfd_create("syzkaller", 0) = 3 [pid 2999] ftruncate(3, 2097152) = 0 [pid 2999] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2999] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2999] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2999] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2999] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2999] mkdir("./file0", 0777) = 0 [pid 2999] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2999] ioctl(4, LOOP_CLR_FD) = 0 [pid 2999] close(4) = 0 [pid 2999] close(3) = 0 [pid 2999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2998] <... futex resumed>) = 0 [pid 2998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2999] <... futex resumed>) = 1 [pid 2999] chdir("./file0") = 0 [pid 2999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2998] <... futex resumed>) = 0 [pid 2998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2999] <... futex resumed>) = 1 [pid 2999] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 2999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2998] <... futex resumed>) = 0 [pid 2998] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 2998] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2999] <... write resumed>) = 61 [pid 2998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2999] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2998] <... mmap resumed>) = 0x7f697cdae000 [pid 2999] <... futex resumed>) = 0 [pid 2998] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 2999] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2998] <... mprotect resumed>) = 0 [pid 2998] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3002], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3002 [pid 2998] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3002 attached [pid 3002] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3002] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3002] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2998] <... futex resumed>) = 0 [pid 3002] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2998] exit_group(0) = ? [pid 2999] <... futex resumed>) = ? [pid 2999] +++ exited with 0 +++ [pid 3002] <... futex resumed>) = ? [pid 3002] +++ exited with 0 +++ [pid 2998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2998, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./530/binderfs") = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3003 ./strace-static-x86_64: Process 3003 attached [pid 3003] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3003] chdir("./531") = 0 [pid 3003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3003] setpgid(0, 0) = 0 [pid 3003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3003] write(3, "1000", 4) = 4 [pid 3003] close(3) = 0 [pid 3003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3003] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3003] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3003] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3004], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3004 [pid 3003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3003] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3004 attached [pid 3004] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3004] memfd_create("syzkaller", 0) = 3 [pid 3004] ftruncate(3, 2097152) = 0 [pid 3004] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3004] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3004] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3004] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3004] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3004] mkdir("./file0", 0777) = 0 [pid 3004] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3004] ioctl(4, LOOP_CLR_FD) = 0 [pid 3004] close(4) = 0 [pid 3004] close(3) = 0 [pid 3004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3004] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3004] <... futex resumed>) = 0 [pid 3003] <... futex resumed>) = 1 [pid 3004] chdir("./file0" [pid 3003] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3004] <... chdir resumed>) = 0 [pid 3004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3004] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3003] <... futex resumed>) = 0 [pid 3003] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3004] <... openat resumed>) = 3 [pid 3004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3003] <... futex resumed>) = 0 [pid 3004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3003] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3003] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3003] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3003] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3004] <... write resumed>) = 61 [pid 3004] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3003] <... clone resumed>, parent_tid=[3007], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3007 [pid 3004] <... futex resumed>) = 0 [pid 3003] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3004] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3007 attached [pid 3007] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3007] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3007] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3007] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] <... futex resumed>) = 0 [pid 3003] exit_group(0) = ? [pid 3004] <... futex resumed>) = ? [pid 3004] +++ exited with 0 +++ [pid 3007] <... futex resumed>) = ? [pid 3007] +++ exited with 0 +++ [pid 3003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3003, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./531/binderfs") = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3008 ./strace-static-x86_64: Process 3008 attached [pid 3008] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3008] chdir("./532") = 0 [pid 3008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3008] setpgid(0, 0) = 0 [pid 3008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3008] write(3, "1000", 4) = 4 [pid 3008] close(3) = 0 [pid 3008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3008] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3008] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3008] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3009], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3009 ./strace-static-x86_64: Process 3009 attached [pid 3008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3009] set_robust_list(0x7f697cdef9e0, 24 [pid 3008] <... futex resumed>) = 0 [pid 3009] <... set_robust_list resumed>) = 0 [pid 3008] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3009] memfd_create("syzkaller", 0) = 3 [pid 3009] ftruncate(3, 2097152) = 0 [pid 3009] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3009] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3009] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3009] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3009] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3009] mkdir("./file0", 0777) = 0 [pid 3009] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3009] ioctl(4, LOOP_CLR_FD) = 0 [pid 3009] close(4) = 0 [pid 3009] close(3) = 0 [pid 3009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3008] <... futex resumed>) = 0 [pid 3008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3009] <... futex resumed>) = 1 [pid 3009] chdir("./file0") = 0 [pid 3009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3008] <... futex resumed>) = 0 [pid 3008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3009] <... futex resumed>) = 1 [pid 3009] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3008] <... futex resumed>) = 0 [pid 3008] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3008] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3008] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3012], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3012 [pid 3008] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3008] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3009] <... futex resumed>) = 1 [pid 3009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 3012 attached ) = 61 [pid 3012] set_robust_list(0x7f697cdce9e0, 24 [pid 3009] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3009] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3012] <... set_robust_list resumed>) = 0 [pid 3012] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3012] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3008] <... futex resumed>) = 0 [pid 3008] exit_group(0) = ? [pid 3012] <... futex resumed>) = ? [pid 3009] <... futex resumed>) = ? [pid 3012] +++ exited with 0 +++ [pid 3009] +++ exited with 0 +++ [pid 3008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3008, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./532/binderfs") = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3013 ./strace-static-x86_64: Process 3013 attached [pid 3013] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3013] chdir("./533") = 0 [pid 3013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3013] setpgid(0, 0) = 0 [pid 3013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3013] write(3, "1000", 4) = 4 [pid 3013] close(3) = 0 [pid 3013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3013] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3013] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3013] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3014], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3014 [pid 3013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3014 attached ) = 0 [pid 3013] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3014] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3014] memfd_create("syzkaller", 0) = 3 [pid 3014] ftruncate(3, 2097152) = 0 [pid 3014] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3014] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3014] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3014] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3014] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3014] mkdir("./file0", 0777) = 0 [pid 3014] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3014] ioctl(4, LOOP_CLR_FD) = 0 [pid 3014] close(4) = 0 [pid 3014] close(3) = 0 [pid 3014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3013] <... futex resumed>) = 0 [pid 3013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3013] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3014] <... futex resumed>) = 1 [pid 3014] chdir("./file0") = 0 [pid 3014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3013] <... futex resumed>) = 0 [pid 3013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3013] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3014] <... futex resumed>) = 1 [pid 3014] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3013] <... futex resumed>) = 0 [pid 3013] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3013] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3013] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3013] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3017], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3017 [pid 3013] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3013] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3014] <... futex resumed>) = 1 [pid 3014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 ./strace-static-x86_64: Process 3017 attached [pid 3014] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3014] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3017] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3017] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3017] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3013] <... futex resumed>) = 0 [pid 3013] exit_group(0) = ? [pid 3017] +++ exited with 0 +++ [pid 3014] <... futex resumed>) = ? [pid 3014] +++ exited with 0 +++ [pid 3013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3013, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./533/binderfs") = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3018 ./strace-static-x86_64: Process 3018 attached [pid 3018] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3018] chdir("./534") = 0 [pid 3018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3018] setpgid(0, 0) = 0 [pid 3018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3018] write(3, "1000", 4) = 4 [pid 3018] close(3) = 0 [pid 3018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3018] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3018] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3018] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3019], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3019 [pid 3018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3019 attached [pid 3019] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3019] memfd_create("syzkaller", 0) = 3 [pid 3019] ftruncate(3, 2097152) = 0 [pid 3019] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3019] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3019] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3019] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3019] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3019] mkdir("./file0", 0777) = 0 [pid 3019] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3019] ioctl(4, LOOP_CLR_FD) = 0 [pid 3019] close(4) = 0 [pid 3019] close(3) = 0 [pid 3019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3018] <... futex resumed>) = 0 [pid 3018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] chdir("./file0") = 0 [pid 3019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3018] <... futex resumed>) = 0 [pid 3019] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3018] <... futex resumed>) = 0 [pid 3019] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3018] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] <... openat resumed>) = 3 [pid 3019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3018] <... futex resumed>) = 0 [pid 3019] <... futex resumed>) = 1 [pid 3018] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3018] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3018] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3022], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3022 [pid 3018] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3019] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3019] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3022 attached [pid 3022] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3022] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3022] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3018] <... futex resumed>) = 0 [pid 3018] exit_group(0) = ? [pid 3022] <... futex resumed>) = ? [pid 3019] <... futex resumed>) = ? [pid 3019] +++ exited with 0 +++ [pid 3022] +++ exited with 0 +++ [pid 3018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3018, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./534/binderfs") = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3023 ./strace-static-x86_64: Process 3023 attached [pid 3023] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3023] chdir("./535") = 0 [pid 3023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3023] setpgid(0, 0) = 0 [pid 3023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3023] write(3, "1000", 4) = 4 [pid 3023] close(3) = 0 [pid 3023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3023] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3023] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3023] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3024], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3024 [pid 3023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3024 attached [pid 3024] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3024] memfd_create("syzkaller", 0) = 3 [pid 3024] ftruncate(3, 2097152) = 0 [pid 3024] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3024] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3024] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3024] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3024] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3024] mkdir("./file0", 0777) = 0 [pid 3024] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3024] ioctl(4, LOOP_CLR_FD) = 0 [pid 3024] close(4) = 0 [pid 3024] close(3) = 0 [pid 3024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3023] <... futex resumed>) = 0 [pid 3023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3024] chdir("./file0") = 0 [pid 3024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3023] <... futex resumed>) = 0 [pid 3023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3024] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3023] <... futex resumed>) = 0 [pid 3023] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3023] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3023] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3027 attached , parent_tid=[3027], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3027 [pid 3023] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3024] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3027] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3027] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3027] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] <... futex resumed>) = 0 [pid 3023] exit_group(0) = ? [pid 3024] <... futex resumed>) = ? [pid 3024] +++ exited with 0 +++ [pid 3027] <... futex resumed>) = ? [pid 3027] +++ exited with 0 +++ [pid 3023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3023, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./535/binderfs") = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3028 ./strace-static-x86_64: Process 3028 attached [pid 3028] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3028] chdir("./536") = 0 [pid 3028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3028] setpgid(0, 0) = 0 [pid 3028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3028] write(3, "1000", 4) = 4 [pid 3028] close(3) = 0 [pid 3028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3028] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3028] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3028] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3029], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3029 [pid 3028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3029 attached [pid 3029] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3029] memfd_create("syzkaller", 0) = 3 [pid 3029] ftruncate(3, 2097152) = 0 [pid 3029] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3029] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3029] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3029] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3029] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3029] mkdir("./file0", 0777) = 0 [pid 3029] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3029] ioctl(4, LOOP_CLR_FD) = 0 [pid 3029] close(4) = 0 [pid 3029] close(3) = 0 [pid 3029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3028] <... futex resumed>) = 0 [pid 3028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3029] <... futex resumed>) = 1 [pid 3029] chdir("./file0") = 0 [pid 3029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3028] <... futex resumed>) = 0 [pid 3028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3029] <... futex resumed>) = 1 [pid 3029] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3028] <... futex resumed>) = 0 [pid 3028] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3028] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3028] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3032], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3032 [pid 3028] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3028] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3029] <... futex resumed>) = 1 [pid 3029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3029] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3029] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3032 attached [pid 3032] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3032] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3032] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3028] <... futex resumed>) = 0 [pid 3028] exit_group(0 [pid 3029] <... futex resumed>) = ? [pid 3028] <... exit_group resumed>) = ? [pid 3029] +++ exited with 0 +++ [pid 3032] <... futex resumed>) = ? [pid 3032] +++ exited with 0 +++ [pid 3028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3028, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./536/binderfs") = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3033 ./strace-static-x86_64: Process 3033 attached [pid 3033] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3033] chdir("./537") = 0 [pid 3033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3033] setpgid(0, 0) = 0 [pid 3033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3033] write(3, "1000", 4) = 4 [pid 3033] close(3) = 0 [pid 3033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3033] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3033] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3033] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3034], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3034 [pid 3033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3034 attached [pid 3034] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3034] memfd_create("syzkaller", 0) = 3 [pid 3034] ftruncate(3, 2097152) = 0 [pid 3034] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3034] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3034] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3034] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3034] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3034] mkdir("./file0", 0777) = 0 [pid 3034] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3034] ioctl(4, LOOP_CLR_FD) = 0 [pid 3034] close(4) = 0 [pid 3034] close(3) = 0 [pid 3034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3033] <... futex resumed>) = 0 [pid 3033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3034] chdir("./file0") = 0 [pid 3034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3033] <... futex resumed>) = 0 [pid 3033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3034] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3033] <... futex resumed>) = 0 [pid 3033] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3033] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3033] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3037], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3037 [pid 3033] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3033] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3034] <... futex resumed>) = 1 [pid 3034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3034] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3034] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3037 attached [pid 3037] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3037] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3037] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3033] <... futex resumed>) = 0 [pid 3033] exit_group(0 [pid 3034] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 3033] <... exit_group resumed>) = ? [pid 3034] +++ exited with 0 +++ [pid 3037] +++ exited with 0 +++ [pid 3033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3033, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./537/binderfs") = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3038 ./strace-static-x86_64: Process 3038 attached [pid 3038] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3038] chdir("./538") = 0 [pid 3038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3038] setpgid(0, 0) = 0 [pid 3038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3038] write(3, "1000", 4) = 4 [pid 3038] close(3) = 0 [pid 3038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3038] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3038] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3039], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3039 [pid 3038] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3039 attached [pid 3039] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3039] memfd_create("syzkaller", 0) = 3 [pid 3039] ftruncate(3, 2097152) = 0 [pid 3039] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3039] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3039] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3039] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3039] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3039] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3039] ioctl(4, LOOP_CLR_FD) = 0 [pid 3039] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3039] close(4) = 0 [pid 3039] close(3) = 0 [pid 3039] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3038] <... futex resumed>) = 0 [pid 3038] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3039] <... futex resumed>) = 1 [pid 3039] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 3039] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3038] <... futex resumed>) = 0 [pid 3038] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3039] <... futex resumed>) = 1 [pid 3039] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3039] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3038] <... futex resumed>) = 0 [pid 3039] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3038] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3039] <... futex resumed>) = 0 [pid 3038] <... futex resumed>) = 1 [pid 3039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3038] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3038] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3038] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3039] <... write resumed>) = 61 [pid 3039] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] <... clone resumed>, parent_tid=[3040], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3040 [pid 3039] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3038] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3038] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3040 attached [pid 3040] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3040] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3040] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3040] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3038] <... futex resumed>) = 0 [pid 3038] exit_group(0) = ? [pid 3039] <... futex resumed>) = ? [pid 3040] <... futex resumed>) = ? [pid 3039] +++ exited with 0 +++ [pid 3040] +++ exited with 0 +++ [pid 3038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3038, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./538/binderfs") = 0 umount2("./538/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./538/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3041 ./strace-static-x86_64: Process 3041 attached [pid 3041] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3041] chdir("./539") = 0 [pid 3041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3041] setpgid(0, 0) = 0 [pid 3041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3041] write(3, "1000", 4) = 4 [pid 3041] close(3) = 0 [pid 3041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3041] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3041] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3041] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3042], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3042 [pid 3041] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3042 attached [pid 3042] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3042] memfd_create("syzkaller", 0) = 3 [pid 3042] ftruncate(3, 2097152) = 0 [pid 3042] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3042] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3042] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3042] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3042] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3042] mkdir("./file0", 0777) = 0 [pid 3042] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3042] ioctl(4, LOOP_CLR_FD) = 0 [pid 3042] close(4) = 0 [pid 3042] close(3) = 0 [pid 3042] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3042] <... futex resumed>) = 1 [pid 3042] chdir("./file0") = 0 [pid 3042] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3042] <... futex resumed>) = 1 [pid 3042] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3042] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3041] <... futex resumed>) = 0 [pid 3041] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3041] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3041] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3045], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3045 [pid 3041] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3041] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3042] <... futex resumed>) = 1 [pid 3042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3042] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3042] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3045 attached [pid 3045] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3045] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3045] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3041] <... futex resumed>) = 0 [pid 3045] <... futex resumed>) = 1 [pid 3041] exit_group(0) = ? [pid 3042] <... futex resumed>) = ? [pid 3042] +++ exited with 0 +++ [pid 3045] +++ exited with 0 +++ [pid 3041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3041, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./539/binderfs") = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3046 ./strace-static-x86_64: Process 3046 attached [pid 3046] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3046] chdir("./540") = 0 [pid 3046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3046] setpgid(0, 0) = 0 [pid 3046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3046] write(3, "1000", 4) = 4 [pid 3046] close(3) = 0 [pid 3046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3046] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3046] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3046] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3047], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3047 [pid 3046] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3047 attached [pid 3047] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3047] memfd_create("syzkaller", 0) = 3 [pid 3047] ftruncate(3, 2097152) = 0 [pid 3047] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3047] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3047] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3047] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3047] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3047] mkdir("./file0", 0777) = 0 [pid 3047] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3047] ioctl(4, LOOP_CLR_FD) = 0 [pid 3047] close(4) = 0 [pid 3047] close(3) = 0 [pid 3047] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3046] <... futex resumed>) = 0 [pid 3046] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] <... futex resumed>) = 1 [pid 3047] chdir("./file0") = 0 [pid 3047] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3046] <... futex resumed>) = 0 [pid 3046] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] <... futex resumed>) = 1 [pid 3047] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3047] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3046] <... futex resumed>) = 0 [pid 3046] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3046] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3046] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3050], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3050 [pid 3046] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3046] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] <... futex resumed>) = 1 [pid 3047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3047] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3047] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3050 attached [pid 3050] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3050] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3050] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3046] <... futex resumed>) = 0 [pid 3046] exit_group(0 [pid 3047] <... futex resumed>) = ? [pid 3046] <... exit_group resumed>) = ? [pid 3047] +++ exited with 0 +++ [pid 3050] <... futex resumed>) = ? [pid 3050] +++ exited with 0 +++ [pid 3046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3046, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./540/binderfs") = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3051 ./strace-static-x86_64: Process 3051 attached [pid 3051] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3051] chdir("./541") = 0 [pid 3051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3051] setpgid(0, 0) = 0 [pid 3051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3051] write(3, "1000", 4) = 4 [pid 3051] close(3) = 0 [pid 3051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3051] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3051] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3051] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3052], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3052 ./strace-static-x86_64: Process 3052 attached [pid 3051] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3051] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3052] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3052] memfd_create("syzkaller", 0) = 3 [pid 3052] ftruncate(3, 2097152) = 0 [pid 3052] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3052] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3052] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3052] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3052] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3052] mkdir("./file0", 0777) = 0 [pid 3052] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3052] ioctl(4, LOOP_CLR_FD) = 0 [pid 3052] close(4) = 0 [pid 3052] close(3) = 0 [pid 3052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3051] <... futex resumed>) = 0 [pid 3051] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3051] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3052] chdir("./file0") = 0 [pid 3052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3052] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3051] <... futex resumed>) = 0 [pid 3051] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3052] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3051] <... futex resumed>) = 1 [pid 3051] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3052] <... openat resumed>) = 3 [pid 3052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3052] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3051] <... futex resumed>) = 0 [pid 3051] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3052] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3051] <... futex resumed>) = 1 [pid 3051] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3052] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3051] <... futex resumed>) = 1 [pid 3051] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3052] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3052] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3051] <... futex resumed>) = 0 [pid 3051] exit_group(0 [pid 3052] <... futex resumed>) = ? [pid 3052] +++ exited with 0 +++ [pid 3051] <... exit_group resumed>) = ? [pid 3051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3051, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./541/binderfs") = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3055 ./strace-static-x86_64: Process 3055 attached [pid 3055] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3055] chdir("./542") = 0 [pid 3055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3055] setpgid(0, 0) = 0 [pid 3055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3055] write(3, "1000", 4) = 4 [pid 3055] close(3) = 0 [pid 3055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3055] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3055] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3055] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3056], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3056 [pid 3055] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3056 attached [pid 3056] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3056] memfd_create("syzkaller", 0) = 3 [pid 3056] ftruncate(3, 2097152) = 0 [pid 3056] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3056] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3056] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3056] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3056] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3056] mkdir("./file0", 0777) = 0 [pid 3056] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3056] ioctl(4, LOOP_CLR_FD) = 0 [pid 3056] close(4) = 0 [pid 3056] close(3) = 0 [pid 3056] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3056] <... futex resumed>) = 1 [pid 3056] chdir("./file0") = 0 [pid 3056] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3056] <... futex resumed>) = 1 [pid 3056] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3056] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3055] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3055] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3059], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3059 [pid 3055] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3055] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3056] <... futex resumed>) = 1 [pid 3056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3056] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3056] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3059 attached [pid 3059] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3059] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3059] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3055] <... futex resumed>) = 0 [pid 3055] exit_group(0 [pid 3056] <... futex resumed>) = ? [pid 3055] <... exit_group resumed>) = ? [pid 3056] +++ exited with 0 +++ [pid 3059] <... futex resumed>) = ? [pid 3059] +++ exited with 0 +++ [pid 3055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3055, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./542/binderfs") = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./542/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3060 ./strace-static-x86_64: Process 3060 attached [pid 3060] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3060] chdir("./543") = 0 [pid 3060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3060] setpgid(0, 0) = 0 [pid 3060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3060] write(3, "1000", 4) = 4 [pid 3060] close(3) = 0 [pid 3060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3060] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3060] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3060] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3061], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3061 [pid 3060] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3060] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3061 attached [pid 3061] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3061] memfd_create("syzkaller", 0) = 3 [pid 3061] ftruncate(3, 2097152) = 0 [pid 3061] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3061] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3061] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3061] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3061] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3061] mkdir("./file0", 0777) = 0 [pid 3061] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3061] ioctl(4, LOOP_CLR_FD) = 0 [pid 3061] close(4) = 0 [pid 3061] close(3) = 0 [pid 3061] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3060] <... futex resumed>) = 0 [pid 3061] chdir("./file0" [pid 3060] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3061] <... chdir resumed>) = 0 [pid 3060] <... futex resumed>) = 0 [pid 3061] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3060] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3061] <... futex resumed>) = 0 [pid 3060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3061] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3060] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3060] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3061] <... openat resumed>) = 3 [pid 3061] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3060] <... futex resumed>) = 0 [pid 3060] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3060] <... futex resumed>) = 0 [pid 3061] <... write resumed>) = 61 [pid 3060] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3061] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3060] <... futex resumed>) = 0 [pid 3060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3061] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3060] <... mmap resumed>) = 0x7f697cdae000 [pid 3060] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3060] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3064], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3064 [pid 3060] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3060] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3064 attached [pid 3064] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3064] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3064] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3060] <... futex resumed>) = 0 [pid 3060] exit_group(0) = ? [pid 3061] <... futex resumed>) = ? [pid 3061] +++ exited with 0 +++ [pid 3064] +++ exited with 0 +++ [pid 3060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3060, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./543/binderfs") = 0 umount2("./543/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./543/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./543/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./543/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3065 ./strace-static-x86_64: Process 3065 attached [pid 3065] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3065] chdir("./544") = 0 [pid 3065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3065] setpgid(0, 0) = 0 [pid 3065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3065] write(3, "1000", 4) = 4 [pid 3065] close(3) = 0 [pid 3065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3065] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3065] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3065] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3066 attached , parent_tid=[3066], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3066 [pid 3065] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3066] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3066] memfd_create("syzkaller", 0) = 3 [pid 3066] ftruncate(3, 2097152) = 0 [pid 3066] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3066] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3066] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3066] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3066] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3066] mkdir("./file0", 0777) = 0 [pid 3066] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3066] ioctl(4, LOOP_CLR_FD) = 0 [pid 3066] close(4) = 0 [pid 3066] close(3) = 0 [pid 3066] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3066] chdir("./file0") = 0 [pid 3066] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3066] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3066] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3065] <... futex resumed>) = 0 [pid 3065] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3065] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3065] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3069], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3069 [pid 3065] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3065] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3066] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3066] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3069 attached [pid 3069] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3069] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3069] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3065] <... futex resumed>) = 0 [pid 3065] exit_group(0) = ? [pid 3066] <... futex resumed>) = ? [pid 3066] +++ exited with 0 +++ [pid 3069] +++ exited with 0 +++ [pid 3065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3065, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./544/binderfs") = 0 umount2("./544/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./544/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./544/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./544/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3070 ./strace-static-x86_64: Process 3070 attached [pid 3070] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3070] chdir("./545") = 0 [pid 3070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3070] setpgid(0, 0) = 0 [pid 3070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3070] write(3, "1000", 4) = 4 [pid 3070] close(3) = 0 [pid 3070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3070] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3070] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3070] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3071], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3071 [pid 3070] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3071 attached [pid 3071] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3071] memfd_create("syzkaller", 0) = 3 [pid 3071] ftruncate(3, 2097152) = 0 [pid 3071] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3071] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3071] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3071] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3071] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3071] mkdir("./file0", 0777) = 0 [pid 3071] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3071] ioctl(4, LOOP_CLR_FD) = 0 [pid 3071] close(4) = 0 [pid 3071] close(3) = 0 [pid 3071] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3070] <... futex resumed>) = 0 [pid 3070] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3071] <... futex resumed>) = 1 [pid 3071] chdir("./file0") = 0 [pid 3071] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3070] <... futex resumed>) = 0 [pid 3070] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3071] <... futex resumed>) = 1 [pid 3071] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3071] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3070] <... futex resumed>) = 0 [pid 3070] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3070] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3070] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3074], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3074 [pid 3070] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3071] <... futex resumed>) = 1 [pid 3071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3071] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3071] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3074 attached [pid 3074] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3074] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3074] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3070] <... futex resumed>) = 0 [pid 3070] exit_group(0 [pid 3071] <... futex resumed>) = ? [pid 3070] <... exit_group resumed>) = ? [pid 3071] +++ exited with 0 +++ [pid 3074] <... futex resumed>) = ? [pid 3074] +++ exited with 0 +++ [pid 3070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3070, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./545/binderfs") = 0 umount2("./545/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./545/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./545/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./545/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3075 ./strace-static-x86_64: Process 3075 attached [pid 3075] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3075] chdir("./546") = 0 [pid 3075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3075] setpgid(0, 0) = 0 [pid 3075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3075] write(3, "1000", 4) = 4 [pid 3075] close(3) = 0 [pid 3075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3075] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3075] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3075] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3076], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3076 [pid 3075] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3076 attached ) = 0 [pid 3076] set_robust_list(0x7f697cdef9e0, 24 [pid 3075] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3076] <... set_robust_list resumed>) = 0 [pid 3076] memfd_create("syzkaller", 0) = 3 [pid 3076] ftruncate(3, 2097152) = 0 [pid 3076] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3076] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3076] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3076] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3076] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3076] mkdir("./file0", 0777) = 0 [pid 3076] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3076] ioctl(4, LOOP_CLR_FD) = 0 [pid 3076] close(4) = 0 [pid 3076] close(3) = 0 [pid 3076] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3075] <... futex resumed>) = 0 [pid 3075] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3076] chdir("./file0") = 0 [pid 3076] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3076] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3075] <... futex resumed>) = 0 [pid 3075] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3075] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3076] <... futex resumed>) = 0 [pid 3075] <... futex resumed>) = 1 [pid 3076] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3075] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3076] <... openat resumed>) = 3 [pid 3076] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3075] <... futex resumed>) = 0 [pid 3076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3075] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3076] <... write resumed>) = 61 [pid 3075] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3076] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3075] <... futex resumed>) = 0 [pid 3075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3076] <... futex resumed>) = 0 [pid 3075] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3076] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3075] <... mprotect resumed>) = 0 [pid 3075] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3079 attached , parent_tid=[3079], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3079 [pid 3079] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3079] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3075] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3075] <... futex resumed>) = 0 [pid 3079] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3075] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3079] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3079] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3079] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3075] <... futex resumed>) = 0 [pid 3075] exit_group(0 [pid 3079] <... futex resumed>) = ? [pid 3076] <... futex resumed>) = ? [pid 3075] <... exit_group resumed>) = ? [pid 3076] +++ exited with 0 +++ [pid 3079] +++ exited with 0 +++ [pid 3075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3075, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./546/binderfs") = 0 umount2("./546/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./546/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./546/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./546/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3080 ./strace-static-x86_64: Process 3080 attached [pid 3080] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3080] chdir("./547") = 0 [pid 3080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3080] setpgid(0, 0) = 0 [pid 3080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3080] write(3, "1000", 4) = 4 [pid 3080] close(3) = 0 [pid 3080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3080] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3080] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3080] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3081], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3081 [pid 3080] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3080] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3081 attached [pid 3081] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3081] memfd_create("syzkaller", 0) = 3 [pid 3081] ftruncate(3, 2097152) = 0 [pid 3081] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3081] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3081] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3081] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3081] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3081] mkdir("./file0", 0777) = 0 [pid 3081] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3081] ioctl(4, LOOP_CLR_FD) = 0 [pid 3081] close(4) = 0 [pid 3081] close(3) = 0 [pid 3081] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3080] <... futex resumed>) = 0 [pid 3080] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3080] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3081] chdir("./file0") = 0 [pid 3081] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3080] <... futex resumed>) = 0 [pid 3081] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3080] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3081] <... openat resumed>) = 3 [pid 3080] <... futex resumed>) = 0 [pid 3080] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3081] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3080] <... futex resumed>) = 0 [pid 3081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3080] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3081] <... write resumed>) = 61 [pid 3080] <... futex resumed>) = 0 [pid 3081] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3080] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3081] <... futex resumed>) = 0 [pid 3080] <... futex resumed>) = 0 [pid 3081] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3080] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3080] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3084 attached , parent_tid=[3084], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3084 [pid 3080] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3084] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3080] <... futex resumed>) = 0 [pid 3080] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3084] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3084] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3084] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3080] exit_group(0 [pid 3084] <... futex resumed>) = 230 [pid 3080] <... exit_group resumed>) = ? [pid 3081] <... futex resumed>) = ? [pid 3081] +++ exited with 0 +++ [pid 3084] +++ exited with 0 +++ [pid 3080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3080, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./547/binderfs") = 0 umount2("./547/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./547/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./547/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3085 ./strace-static-x86_64: Process 3085 attached [pid 3085] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3085] chdir("./548") = 0 [pid 3085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3085] setpgid(0, 0) = 0 [pid 3085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3085] write(3, "1000", 4) = 4 [pid 3085] close(3) = 0 [pid 3085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3085] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3085] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3085] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3086 attached , parent_tid=[3086], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3086 [pid 3086] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3086] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3085] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] <... futex resumed>) = 0 [pid 3085] <... futex resumed>) = 1 [pid 3085] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3086] memfd_create("syzkaller", 0) = 3 [pid 3086] ftruncate(3, 2097152) = 0 [pid 3086] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3086] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3086] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3086] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3086] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3086] mkdir("./file0", 0777) = 0 [pid 3086] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3086] ioctl(4, LOOP_CLR_FD) = 0 [pid 3086] close(4) = 0 [pid 3086] close(3) = 0 [pid 3086] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3085] <... futex resumed>) = 0 [pid 3086] chdir("./file0" [pid 3085] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] <... chdir resumed>) = 0 [pid 3085] <... futex resumed>) = 0 [pid 3086] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3085] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3086] <... futex resumed>) = 0 [pid 3085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3086] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3085] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3085] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3086] <... openat resumed>) = 3 [pid 3086] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3085] <... futex resumed>) = 0 [pid 3086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3085] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] <... write resumed>) = 61 [pid 3086] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3085] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] <... futex resumed>) = 0 [pid 3085] <... futex resumed>) = 0 [pid 3086] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3085] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3085] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3089 attached [pid 3089] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3089] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3085] <... clone resumed>, parent_tid=[3089], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3089 [pid 3085] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3089] <... futex resumed>) = 0 [pid 3085] <... futex resumed>) = 1 [pid 3089] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3085] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3089] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3089] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3089] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3085] exit_group(0 [pid 3089] <... futex resumed>) = ? [pid 3086] <... futex resumed>) = ? [pid 3085] <... exit_group resumed>) = ? [pid 3086] +++ exited with 0 +++ [pid 3089] +++ exited with 0 +++ [pid 3085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3085, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./548/binderfs") = 0 umount2("./548/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./548/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./548/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./548/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3090 ./strace-static-x86_64: Process 3090 attached [pid 3090] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3090] chdir("./549") = 0 [pid 3090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3090] setpgid(0, 0) = 0 [pid 3090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3090] write(3, "1000", 4) = 4 [pid 3090] close(3) = 0 [pid 3090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3090] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3090] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3090] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3091], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3091 [pid 3090] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3091 attached [pid 3091] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3091] memfd_create("syzkaller", 0) = 3 [pid 3091] ftruncate(3, 2097152) = 0 [pid 3091] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3091] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3091] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3091] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3091] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3091] mkdir("./file0", 0777) = 0 [pid 3091] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3091] ioctl(4, LOOP_CLR_FD) = 0 [pid 3091] close(4) = 0 [pid 3091] close(3) = 0 [pid 3091] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3091] <... futex resumed>) = 1 [pid 3091] chdir("./file0") = 0 [pid 3091] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3091] <... futex resumed>) = 1 [pid 3091] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3091] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3090] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3090] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3090] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3094], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3094 [pid 3090] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3091] <... futex resumed>) = 1 [pid 3091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3091] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3091] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3094 attached [pid 3094] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3094] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3094] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3090] exit_group(0 [pid 3091] <... futex resumed>) = ? [pid 3090] <... exit_group resumed>) = ? [pid 3091] +++ exited with 0 +++ [pid 3094] <... futex resumed>) = ? [pid 3094] +++ exited with 0 +++ [pid 3090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3090, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./549/binderfs") = 0 umount2("./549/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./549/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./549/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./549/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3095 attached , child_tidptr=0x555555cf25d0) = 3095 [pid 3095] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3095] chdir("./550") = 0 [pid 3095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3095] setpgid(0, 0) = 0 [pid 3095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3095] write(3, "1000", 4) = 4 [pid 3095] close(3) = 0 [pid 3095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3095] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3095] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3095] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3096 attached , parent_tid=[3096], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3096 [pid 3096] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3096] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3095] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3096] <... futex resumed>) = 0 [pid 3095] <... futex resumed>) = 1 [pid 3096] memfd_create("syzkaller", 0 [pid 3095] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3096] <... memfd_create resumed>) = 3 [pid 3096] ftruncate(3, 2097152) = 0 [pid 3096] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3096] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3096] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3096] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3096] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3096] mkdir("./file0", 0777) = 0 [pid 3096] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3096] ioctl(4, LOOP_CLR_FD) = 0 [pid 3096] close(4) = 0 [pid 3096] close(3) = 0 [pid 3096] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3095] <... futex resumed>) = 0 [pid 3095] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] chdir("./file0" [pid 3095] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3096] <... chdir resumed>) = 0 [pid 3096] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3095] <... futex resumed>) = 0 [pid 3096] <... futex resumed>) = 1 [pid 3096] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3095] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3095] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3096] <... openat resumed>) = 3 [pid 3096] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3095] <... futex resumed>) = 0 [pid 3095] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3095] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3096] <... write resumed>) = 61 [pid 3096] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3095] <... mmap resumed>) = 0x7f697cdae000 [pid 3096] <... futex resumed>) = 0 [pid 3095] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3095] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3099 attached [pid 3099] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3099] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3095] <... clone resumed>, parent_tid=[3099], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3099 [pid 3096] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3095] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3095] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3099] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3099] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3095] <... futex resumed>) = 0 [pid 3099] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3095] exit_group(0) = ? [pid 3096] <... futex resumed>) = ? [pid 3099] <... futex resumed>) = ? [pid 3096] +++ exited with 0 +++ [pid 3099] +++ exited with 0 +++ [pid 3095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3095, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./550/binderfs") = 0 umount2("./550/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./550/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./550/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./550/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3100 ./strace-static-x86_64: Process 3100 attached [pid 3100] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3100] chdir("./551") = 0 [pid 3100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3100] setpgid(0, 0) = 0 [pid 3100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3100] write(3, "1000", 4) = 4 [pid 3100] close(3) = 0 [pid 3100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3100] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3100] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3100] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3101], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3101 [pid 3100] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3100] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3101 attached [pid 3101] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3101] memfd_create("syzkaller", 0) = 3 [pid 3101] ftruncate(3, 2097152) = 0 [pid 3101] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3101] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3101] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3101] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3101] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3101] mkdir("./file0", 0777) = 0 [pid 3101] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3101] ioctl(4, LOOP_CLR_FD) = 0 [pid 3101] close(4) = 0 [pid 3101] close(3) = 0 [pid 3101] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3100] <... futex resumed>) = 0 [pid 3100] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3100] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3101] <... futex resumed>) = 1 [pid 3101] chdir("./file0") = 0 [pid 3101] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3100] <... futex resumed>) = 0 [pid 3100] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3100] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3101] <... futex resumed>) = 1 [pid 3101] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3101] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3100] <... futex resumed>) = 0 [pid 3101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3100] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3100] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3101] <... write resumed>) = 61 [pid 3100] <... futex resumed>) = 0 [pid 3100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3101] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3100] <... mmap resumed>) = 0x7f697cdae000 [pid 3100] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3101] <... futex resumed>) = 0 [pid 3100] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3104], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3104 [pid 3101] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3104 attached [pid 3104] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3104] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3100] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3104] <... futex resumed>) = 0 [pid 3100] <... futex resumed>) = 1 [pid 3104] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3100] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3104] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3104] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3104] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3100] <... futex resumed>) = 0 [pid 3100] exit_group(0) = ? [pid 3101] <... futex resumed>) = ? [pid 3101] +++ exited with 0 +++ [pid 3104] <... futex resumed>) = ? [pid 3104] +++ exited with 0 +++ [pid 3100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3100, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./551/binderfs") = 0 umount2("./551/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./551/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./551/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./551/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3105 ./strace-static-x86_64: Process 3105 attached [pid 3105] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3105] chdir("./552") = 0 [pid 3105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3105] setpgid(0, 0) = 0 [pid 3105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3105] write(3, "1000", 4) = 4 [pid 3105] close(3) = 0 [pid 3105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3105] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3105] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3105] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3106 attached , parent_tid=[3106], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3106 [pid 3105] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3106] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3106] memfd_create("syzkaller", 0) = 3 [pid 3106] ftruncate(3, 2097152) = 0 [pid 3106] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3106] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3106] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3106] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3106] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3106] mkdir("./file0", 0777) = 0 [pid 3106] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3106] ioctl(4, LOOP_CLR_FD) = 0 [pid 3106] close(4) = 0 [pid 3106] close(3) = 0 [pid 3106] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3106] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3105] <... futex resumed>) = 0 [pid 3105] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3106] <... futex resumed>) = 0 [pid 3105] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3106] chdir("./file0") = 0 [pid 3106] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3105] <... futex resumed>) = 0 [pid 3106] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3105] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3105] <... futex resumed>) = 0 [pid 3106] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3105] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3106] <... openat resumed>) = 3 [pid 3106] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3105] <... futex resumed>) = 0 [pid 3106] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3105] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3105] <... futex resumed>) = 0 [pid 3106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3105] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3106] <... write resumed>) = 61 [pid 3105] <... futex resumed>) = 0 [pid 3106] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3106] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3105] <... mmap resumed>) = 0x7f697cdae000 [pid 3105] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3105] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3109], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3109 [pid 3105] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3105] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3109 attached [pid 3109] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3109] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3109] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3105] <... futex resumed>) = 0 [pid 3109] <... futex resumed>) = 1 [pid 3105] exit_group(0 [pid 3109] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3105] <... exit_group resumed>) = ? [pid 3106] <... futex resumed>) = ? [pid 3106] +++ exited with 0 +++ [pid 3109] <... futex resumed>) = ? [pid 3109] +++ exited with 0 +++ [pid 3105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3105, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./552/binderfs") = 0 umount2("./552/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./552/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./552/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./552/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3110 ./strace-static-x86_64: Process 3110 attached [pid 3110] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3110] chdir("./553") = 0 [pid 3110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3110] setpgid(0, 0) = 0 [pid 3110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3110] write(3, "1000", 4) = 4 [pid 3110] close(3) = 0 [pid 3110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3110] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3110] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3110] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3111], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3111 [pid 3110] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3111 attached [pid 3111] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3111] memfd_create("syzkaller", 0) = 3 [pid 3111] ftruncate(3, 2097152) = 0 [pid 3111] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3111] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3111] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3111] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3111] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3111] mkdir("./file0", 0777) = 0 [pid 3111] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3111] ioctl(4, LOOP_CLR_FD) = 0 [pid 3111] close(4) = 0 [pid 3111] close(3) = 0 [pid 3111] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3110] <... futex resumed>) = 0 [pid 3110] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3111] <... futex resumed>) = 1 [pid 3111] chdir("./file0") = 0 [pid 3111] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3110] <... futex resumed>) = 0 [pid 3110] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3111] <... futex resumed>) = 1 [pid 3111] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3111] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3110] <... futex resumed>) = 0 [pid 3110] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3110] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3110] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3114], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3114 ./strace-static-x86_64: Process 3114 attached [pid 3110] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3110] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3111] <... futex resumed>) = 1 [pid 3111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3111] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3111] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3114] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3114] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3114] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3110] <... futex resumed>) = 0 [pid 3110] exit_group(0) = ? [pid 3111] <... futex resumed>) = ? [pid 3111] +++ exited with 0 +++ [pid 3114] <... futex resumed>) = ? [pid 3114] +++ exited with 0 +++ [pid 3110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3110, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./553/binderfs") = 0 umount2("./553/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./553/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./553/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3115 ./strace-static-x86_64: Process 3115 attached [pid 3115] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3115] chdir("./554") = 0 [pid 3115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3115] setpgid(0, 0) = 0 [pid 3115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3115] write(3, "1000", 4) = 4 [pid 3115] close(3) = 0 [pid 3115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3115] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3115] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3115] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3116], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3116 [pid 3115] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3116 attached [pid 3116] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3116] memfd_create("syzkaller", 0) = 3 [pid 3116] ftruncate(3, 2097152) = 0 [pid 3116] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3116] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3116] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3116] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3116] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3116] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3116] ioctl(4, LOOP_CLR_FD) = 0 [pid 3116] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3116] close(4) = 0 [pid 3116] close(3) = 0 [pid 3116] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3115] <... futex resumed>) = 0 [pid 3115] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3116] <... futex resumed>) = 1 [pid 3116] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 3116] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3115] <... futex resumed>) = 0 [pid 3115] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3116] <... futex resumed>) = 1 [pid 3116] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3116] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3115] <... futex resumed>) = 0 [pid 3115] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3115] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3115] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3117], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3117 [pid 3115] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3115] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3116] <... futex resumed>) = 1 [pid 3116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3116] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3116] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3117 attached [pid 3117] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3117] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3117] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3115] <... futex resumed>) = 0 [pid 3115] exit_group(0 [pid 3116] <... futex resumed>) = ? [pid 3115] <... exit_group resumed>) = ? [pid 3116] +++ exited with 0 +++ [pid 3117] <... futex resumed>) = ? [pid 3117] +++ exited with 0 +++ [pid 3115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3115, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./554/binderfs") = 0 umount2("./554/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./554/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3118 ./strace-static-x86_64: Process 3118 attached [pid 3118] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3118] chdir("./555") = 0 [pid 3118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3118] setpgid(0, 0) = 0 [pid 3118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3118] write(3, "1000", 4) = 4 [pid 3118] close(3) = 0 [pid 3118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3118] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3118] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3118] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3119], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3119 [pid 3118] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3119 attached [pid 3119] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3119] memfd_create("syzkaller", 0) = 3 [pid 3119] ftruncate(3, 2097152) = 0 [pid 3119] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3119] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3119] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3119] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3119] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3119] mkdir("./file0", 0777) = 0 [pid 3119] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3119] ioctl(4, LOOP_CLR_FD) = 0 [pid 3119] close(4) = 0 [pid 3119] close(3) = 0 [pid 3119] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] <... futex resumed>) = 0 [pid 3118] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3119] <... futex resumed>) = 1 [pid 3119] chdir("./file0") = 0 [pid 3119] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] <... futex resumed>) = 0 [pid 3118] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3119] <... futex resumed>) = 1 [pid 3119] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3119] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] <... futex resumed>) = 0 [pid 3119] <... futex resumed>) = 1 [pid 3118] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3118] <... futex resumed>) = 0 [pid 3118] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3119] <... write resumed>) = 61 [pid 3118] <... mmap resumed>) = 0x7f697cdae000 [pid 3119] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3118] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3119] <... futex resumed>) = 0 [pid 3118] <... mprotect resumed>) = 0 [pid 3118] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3122 attached [pid 3119] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3118] <... clone resumed>, parent_tid=[3122], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3122 [pid 3118] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3118] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3122] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3122] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3122] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3118] <... futex resumed>) = 0 [pid 3118] exit_group(0) = ? [pid 3119] <... futex resumed>) = ? [pid 3119] +++ exited with 0 +++ [pid 3122] +++ exited with 0 +++ [pid 3118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3118, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./555/binderfs") = 0 umount2("./555/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./555/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./555/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./555/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3123 ./strace-static-x86_64: Process 3123 attached [pid 3123] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3123] chdir("./556") = 0 [pid 3123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3123] setpgid(0, 0) = 0 [pid 3123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3123] write(3, "1000", 4) = 4 [pid 3123] close(3) = 0 [pid 3123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3123] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3123] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3123] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3124], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3124 [pid 3123] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3124 attached [pid 3124] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3124] memfd_create("syzkaller", 0) = 3 [pid 3124] ftruncate(3, 2097152) = 0 [pid 3124] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3124] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3124] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3124] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3124] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3124] mkdir("./file0", 0777) = 0 [pid 3124] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3124] ioctl(4, LOOP_CLR_FD) = 0 [pid 3124] close(4) = 0 [pid 3124] close(3) = 0 [pid 3124] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... futex resumed>) = 0 [pid 3123] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3124] <... futex resumed>) = 1 [pid 3124] chdir("./file0") = 0 [pid 3124] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... futex resumed>) = 0 [pid 3123] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3124] <... futex resumed>) = 1 [pid 3124] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3124] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... futex resumed>) = 0 [pid 3123] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3123] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3123] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3124] <... futex resumed>) = 1 [pid 3124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3123] <... clone resumed>, parent_tid=[3127], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3127 [pid 3124] <... write resumed>) = 61 [pid 3123] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3123] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3124] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3127 attached ) = 0 [pid 3127] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3127] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3124] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3127] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3127] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... futex resumed>) = 0 [pid 3123] exit_group(0) = ? [pid 3124] <... futex resumed>) = ? [pid 3124] +++ exited with 0 +++ [pid 3127] <... futex resumed>) = ? [pid 3127] +++ exited with 0 +++ [pid 3123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3123, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./556/binderfs") = 0 umount2("./556/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./556/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./556/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./556/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3128 ./strace-static-x86_64: Process 3128 attached [pid 3128] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3128] chdir("./557") = 0 [pid 3128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3128] setpgid(0, 0) = 0 [pid 3128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3128] write(3, "1000", 4) = 4 [pid 3128] close(3) = 0 [pid 3128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3128] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3128] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3128] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3129], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3129 [pid 3128] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3129 attached [pid 3129] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3129] memfd_create("syzkaller", 0) = 3 [pid 3129] ftruncate(3, 2097152) = 0 [pid 3129] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3129] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3129] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3129] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3129] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3129] mkdir("./file0", 0777) = 0 [pid 3129] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3129] ioctl(4, LOOP_CLR_FD) = 0 [pid 3129] close(4) = 0 [pid 3129] close(3) = 0 [pid 3129] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = 0 [pid 3128] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] <... futex resumed>) = 1 [pid 3129] chdir("./file0") = 0 [pid 3129] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = 0 [pid 3128] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] <... futex resumed>) = 1 [pid 3129] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3129] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = 0 [pid 3128] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3128] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3128] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3132], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3132 [pid 3128] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3128] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] <... futex resumed>) = 1 [pid 3129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3129] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3129] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3132 attached [pid 3132] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3132] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3132] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = 0 [pid 3128] exit_group(0) = ? [pid 3129] <... futex resumed>) = ? [pid 3129] +++ exited with 0 +++ [pid 3132] <... futex resumed>) = ? [pid 3132] +++ exited with 0 +++ [pid 3128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3128, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./557/binderfs") = 0 umount2("./557/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./557/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./557/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./557/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3133 ./strace-static-x86_64: Process 3133 attached [pid 3133] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3133] chdir("./558") = 0 [pid 3133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3133] setpgid(0, 0) = 0 [pid 3133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3133] write(3, "1000", 4) = 4 [pid 3133] close(3) = 0 [pid 3133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3133] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3133] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3133] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3134 attached , parent_tid=[3134], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3134 [pid 3134] set_robust_list(0x7f697cdef9e0, 24 [pid 3133] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3134] <... set_robust_list resumed>) = 0 [pid 3133] <... futex resumed>) = 0 [pid 3133] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3134] memfd_create("syzkaller", 0) = 3 [pid 3134] ftruncate(3, 2097152) = 0 [pid 3134] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3134] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3134] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3134] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3134] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3134] mkdir("./file0", 0777) = 0 [pid 3134] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3134] ioctl(4, LOOP_CLR_FD) = 0 [pid 3134] close(4) = 0 [pid 3134] close(3) = 0 [pid 3134] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3133] <... futex resumed>) = 0 [pid 3133] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3133] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3134] chdir("./file0") = 0 [pid 3134] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3133] <... futex resumed>) = 0 [pid 3133] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3134] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3133] <... futex resumed>) = 0 [pid 3133] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3134] <... openat resumed>) = 3 [pid 3134] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3133] <... futex resumed>) = 0 [pid 3134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3133] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3133] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3134] <... write resumed>) = 61 [pid 3133] <... futex resumed>) = 0 [pid 3133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3133] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3134] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3133] <... mprotect resumed>) = 0 [pid 3134] <... futex resumed>) = 0 [pid 3133] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3137 attached [pid 3134] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3133] <... clone resumed>, parent_tid=[3137], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3137 [pid 3133] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3133] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3137] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3137] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3137] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3133] <... futex resumed>) = 0 [pid 3133] exit_group(0) = ? [pid 3134] <... futex resumed>) = ? [pid 3134] +++ exited with 0 +++ [pid 3137] +++ exited with 0 +++ [pid 3133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3133, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./558/binderfs") = 0 umount2("./558/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./558/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./558/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./558/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3138 ./strace-static-x86_64: Process 3138 attached [pid 3138] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3138] chdir("./559") = 0 [pid 3138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3138] setpgid(0, 0) = 0 [pid 3138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3138] write(3, "1000", 4) = 4 [pid 3138] close(3) = 0 [pid 3138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3138] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3138] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3138] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3139], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3139 [pid 3138] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3139 attached [pid 3139] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3139] memfd_create("syzkaller", 0) = 3 [pid 3139] ftruncate(3, 2097152) = 0 [pid 3139] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3139] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3139] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3139] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3139] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3139] mkdir("./file0", 0777) = 0 [pid 3139] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3139] ioctl(4, LOOP_CLR_FD) = 0 [pid 3139] close(4) = 0 [pid 3139] close(3) = 0 [pid 3139] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] <... futex resumed>) = 0 [pid 3138] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3139] <... futex resumed>) = 1 [pid 3139] chdir("./file0") = 0 [pid 3139] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] <... futex resumed>) = 0 [pid 3138] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3139] <... futex resumed>) = 1 [pid 3139] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3139] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] <... futex resumed>) = 0 [pid 3138] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3138] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3138] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3142], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3142 [pid 3138] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3138] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3139] <... futex resumed>) = 1 [pid 3139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3139] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3139] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3142 attached [pid 3142] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3142] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3142] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3138] <... futex resumed>) = 0 [pid 3138] exit_group(0) = ? [pid 3139] <... futex resumed>) = ? [pid 3139] +++ exited with 0 +++ [pid 3142] <... futex resumed>) = ? [pid 3142] +++ exited with 0 +++ [pid 3138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3138, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./559/binderfs") = 0 umount2("./559/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./559/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./559/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./559/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3143 ./strace-static-x86_64: Process 3143 attached [pid 3143] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3143] chdir("./560") = 0 [pid 3143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3143] setpgid(0, 0) = 0 [pid 3143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3143] write(3, "1000", 4) = 4 [pid 3143] close(3) = 0 [pid 3143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3143] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3143] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3143] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3144], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3144 [pid 3143] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3144 attached [pid 3144] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3144] memfd_create("syzkaller", 0) = 3 [pid 3144] ftruncate(3, 2097152) = 0 [pid 3144] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3144] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3144] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3144] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3144] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3144] mkdir("./file0", 0777) = 0 [pid 3144] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3144] ioctl(4, LOOP_CLR_FD) = 0 [pid 3144] close(4) = 0 [pid 3144] close(3) = 0 [pid 3144] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3144] <... futex resumed>) = 1 [pid 3144] chdir("./file0") = 0 [pid 3144] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3144] <... futex resumed>) = 1 [pid 3144] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3144] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3143] <... futex resumed>) = 0 [pid 3143] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3143] <... futex resumed>) = 0 [pid 3144] <... write resumed>) = 61 [pid 3143] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3144] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3144] <... futex resumed>) = 0 [pid 3143] <... mmap resumed>) = 0x7f697cdae000 [pid 3144] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3143] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3147], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3147 [pid 3143] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3147 attached [pid 3147] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3147] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3147] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] <... futex resumed>) = 0 [pid 3143] exit_group(0) = ? [pid 3144] <... futex resumed>) = ? [pid 3144] +++ exited with 0 +++ [pid 3147] <... futex resumed>) = ? [pid 3147] +++ exited with 0 +++ [pid 3143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3143, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./560/binderfs") = 0 umount2("./560/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./560/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./560/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./560/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3148 ./strace-static-x86_64: Process 3148 attached [pid 3148] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3148] chdir("./561") = 0 [pid 3148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3148] setpgid(0, 0) = 0 [pid 3148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3148] write(3, "1000", 4) = 4 [pid 3148] close(3) = 0 [pid 3148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3148] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3148] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3148] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3149], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3149 [pid 3148] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3148] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3149 attached [pid 3149] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3149] memfd_create("syzkaller", 0) = 3 [pid 3149] ftruncate(3, 2097152) = 0 [pid 3149] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3149] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3149] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3149] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3149] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3149] mkdir("./file0", 0777) = 0 [pid 3149] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3149] ioctl(4, LOOP_CLR_FD) = 0 [pid 3149] close(4) = 0 [pid 3149] close(3) = 0 [pid 3149] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3148] <... futex resumed>) = 0 [pid 3149] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3148] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3148] <... futex resumed>) = 0 [pid 3149] chdir("./file0" [pid 3148] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3149] <... chdir resumed>) = 0 [pid 3149] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3148] <... futex resumed>) = 0 [pid 3149] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3148] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3148] <... futex resumed>) = 0 [pid 3149] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3148] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3149] <... openat resumed>) = 3 [pid 3149] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3148] <... futex resumed>) = 0 [pid 3149] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3148] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3148] <... futex resumed>) = 0 [pid 3149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3148] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3149] <... write resumed>) = 61 [pid 3148] <... futex resumed>) = 0 [pid 3149] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3149] <... futex resumed>) = 0 [pid 3148] <... mmap resumed>) = 0x7f697cdae000 [pid 3149] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3148] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3148] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3152], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3152 [pid 3148] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3148] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3152 attached [pid 3152] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3152] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3152] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3148] <... futex resumed>) = 0 [pid 3148] exit_group(0 [pid 3149] <... futex resumed>) = ? [pid 3148] <... exit_group resumed>) = ? [pid 3149] +++ exited with 0 +++ [pid 3152] <... futex resumed>) = ? [pid 3152] +++ exited with 0 +++ [pid 3148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3148, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./561/binderfs") = 0 umount2("./561/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./561/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./561/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./561/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3153 ./strace-static-x86_64: Process 3153 attached [pid 3153] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3153] chdir("./562") = 0 [pid 3153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3153] setpgid(0, 0) = 0 [pid 3153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3153] write(3, "1000", 4) = 4 [pid 3153] close(3) = 0 [pid 3153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3153] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3153] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3153] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3154], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3154 [pid 3153] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3154 attached [pid 3154] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3154] memfd_create("syzkaller", 0) = 3 [pid 3154] ftruncate(3, 2097152) = 0 [pid 3154] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3154] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3154] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3154] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3154] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3154] mkdir("./file0", 0777) = 0 [pid 3154] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3154] ioctl(4, LOOP_CLR_FD) = 0 [pid 3154] close(4) = 0 [pid 3154] close(3) = 0 [pid 3154] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3154] chdir("./file0" [pid 3153] <... futex resumed>) = 0 [pid 3154] <... chdir resumed>) = 0 [pid 3154] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3154] <... futex resumed>) = 0 [pid 3154] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3153] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3154] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3153] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3154] <... openat resumed>) = 3 [pid 3154] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... futex resumed>) = 0 [pid 3154] <... futex resumed>) = 1 [pid 3153] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3153] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3153] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3157 attached , parent_tid=[3157], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3157 [pid 3153] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3157] set_robust_list(0x7f697cdce9e0, 24 [pid 3153] <... futex resumed>) = 0 [pid 3157] <... set_robust_list resumed>) = 0 [pid 3153] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3157] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3157] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3157] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... futex resumed>) = 0 [pid 3157] <... futex resumed>) = 1 [pid 3157] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3154] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3154] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3154] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3153] exit_group(0) = ? [pid 3157] <... futex resumed>) = ? [pid 3157] +++ exited with 0 +++ [pid 3154] <... futex resumed>) = ? [pid 3154] +++ exited with 0 +++ [pid 3153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3153, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./562/binderfs") = 0 umount2("./562/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./562/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./562/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./562/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3158 ./strace-static-x86_64: Process 3158 attached [pid 3158] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3158] chdir("./563") = 0 [pid 3158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3158] setpgid(0, 0) = 0 [pid 3158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3158] write(3, "1000", 4) = 4 [pid 3158] close(3) = 0 [pid 3158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3158] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3158] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3158] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3159], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3159 [pid 3158] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3159 attached [pid 3159] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3159] memfd_create("syzkaller", 0) = 3 [pid 3159] ftruncate(3, 2097152) = 0 [pid 3159] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3159] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3159] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3159] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3159] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3159] mkdir("./file0", 0777) = 0 [pid 3159] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3159] ioctl(4, LOOP_CLR_FD) = 0 [pid 3159] close(4) = 0 [pid 3159] close(3) = 0 [pid 3159] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3158] <... futex resumed>) = 0 [pid 3158] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3159] <... futex resumed>) = 1 [pid 3159] chdir("./file0") = 0 [pid 3159] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3158] <... futex resumed>) = 0 [pid 3158] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3159] <... futex resumed>) = 1 [pid 3159] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3159] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3158] <... futex resumed>) = 0 [pid 3158] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3158] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3158] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3162], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3162 [pid 3158] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3159] <... futex resumed>) = 1 [pid 3159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3159] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3159] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3162 attached [pid 3162] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3162] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3162] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3158] <... futex resumed>) = 0 [pid 3158] exit_group(0) = ? [pid 3159] <... futex resumed>) = ? [pid 3159] +++ exited with 0 +++ [pid 3162] <... futex resumed>) = ? [pid 3162] +++ exited with 0 +++ [pid 3158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3158, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./563/binderfs") = 0 umount2("./563/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./563/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./563/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./563/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3163 ./strace-static-x86_64: Process 3163 attached [pid 3163] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3163] chdir("./564") = 0 [pid 3163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3163] setpgid(0, 0) = 0 [pid 3163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3163] write(3, "1000", 4) = 4 [pid 3163] close(3) = 0 [pid 3163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3163] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3163] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3163] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3164], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3164 [pid 3163] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3163] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3164 attached [pid 3164] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3164] memfd_create("syzkaller", 0) = 3 [pid 3164] ftruncate(3, 2097152) = 0 [pid 3164] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3164] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3164] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3164] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3164] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3164] mkdir("./file0", 0777) = 0 [pid 3164] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3164] ioctl(4, LOOP_CLR_FD) = 0 [pid 3164] close(4) = 0 [pid 3164] close(3) = 0 [pid 3164] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3163] <... futex resumed>) = 0 [pid 3164] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3163] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3163] <... futex resumed>) = 0 [pid 3164] chdir("./file0" [pid 3163] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3164] <... chdir resumed>) = 0 [pid 3164] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3164] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3163] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3164] <... futex resumed>) = 0 [pid 3163] <... futex resumed>) = 1 [pid 3164] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3163] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3164] <... openat resumed>) = 3 [pid 3164] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3163] <... futex resumed>) = 0 [pid 3163] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3163] <... futex resumed>) = 0 [pid 3164] <... write resumed>) = 61 [pid 3163] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3164] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3163] <... futex resumed>) = 0 [pid 3164] <... futex resumed>) = 0 [pid 3163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3164] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3163] <... mmap resumed>) = 0x7f697cdae000 [pid 3163] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3163] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3167], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3167 ./strace-static-x86_64: Process 3167 attached [pid 3163] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3163] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3167] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3167] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3167] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3163] <... futex resumed>) = 0 [pid 3163] exit_group(0 [pid 3164] <... futex resumed>) = ? [pid 3163] <... exit_group resumed>) = ? [pid 3164] +++ exited with 0 +++ [pid 3167] <... futex resumed>) = ? [pid 3167] +++ exited with 0 +++ [pid 3163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3163, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./564/binderfs") = 0 umount2("./564/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./564/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./564/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./564/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 mkdir("./565", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3168 ./strace-static-x86_64: Process 3168 attached [pid 3168] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3168] chdir("./565") = 0 [pid 3168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3168] setpgid(0, 0) = 0 [pid 3168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3168] write(3, "1000", 4) = 4 [pid 3168] close(3) = 0 [pid 3168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3168] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3168] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3168] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3169], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3169 [pid 3168] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3169 attached [pid 3169] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3169] memfd_create("syzkaller", 0) = 3 [pid 3169] ftruncate(3, 2097152) = 0 [pid 3169] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3169] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3169] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3169] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3169] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3169] mkdir("./file0", 0777) = 0 [pid 3169] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3169] ioctl(4, LOOP_CLR_FD) = 0 [pid 3169] close(4) = 0 [pid 3169] close(3) = 0 [pid 3169] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3169] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3168] <... futex resumed>) = 0 [pid 3168] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3168] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3169] <... futex resumed>) = 0 [pid 3169] chdir("./file0") = 0 [pid 3169] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3168] <... futex resumed>) = 0 [pid 3168] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3169] <... futex resumed>) = 1 [pid 3169] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3169] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3168] <... futex resumed>) = 0 [pid 3168] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3168] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3168] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3172], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3172 [pid 3168] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3168] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3169] <... futex resumed>) = 1 [pid 3169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3169] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3169] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3172 attached [pid 3172] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3172] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3172] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3168] <... futex resumed>) = 0 [pid 3168] exit_group(0) = ? [pid 3172] <... futex resumed>) = ? [pid 3169] <... futex resumed>) = ? [pid 3169] +++ exited with 0 +++ [pid 3172] +++ exited with 0 +++ [pid 3168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3168, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./565/binderfs") = 0 umount2("./565/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./565/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./565/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./565/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3173 ./strace-static-x86_64: Process 3173 attached [pid 3173] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3173] chdir("./566") = 0 [pid 3173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3173] setpgid(0, 0) = 0 [pid 3173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3173] write(3, "1000", 4) = 4 [pid 3173] close(3) = 0 [pid 3173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3173] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3173] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3173] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3174], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3174 [pid 3173] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3173] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3174 attached [pid 3174] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3174] memfd_create("syzkaller", 0) = 3 [pid 3174] ftruncate(3, 2097152) = 0 [pid 3174] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3174] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3174] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3174] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3174] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3174] mkdir("./file0", 0777) = 0 [pid 3174] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3174] ioctl(4, LOOP_CLR_FD) = 0 [pid 3174] close(4) = 0 [pid 3174] close(3) = 0 [pid 3174] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3174] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3173] <... futex resumed>) = 0 [pid 3173] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3174] <... futex resumed>) = 0 [pid 3173] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3174] chdir("./file0") = 0 [pid 3174] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3173] <... futex resumed>) = 0 [pid 3173] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3174] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3173] <... futex resumed>) = 0 [pid 3173] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3174] <... openat resumed>) = 3 [pid 3174] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3173] <... futex resumed>) = 0 [pid 3174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3173] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3173] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3174] <... write resumed>) = 61 [pid 3173] <... futex resumed>) = 0 [pid 3173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3174] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3173] <... mmap resumed>) = 0x7f697cdae000 [pid 3174] <... futex resumed>) = 0 [pid 3173] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3174] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3173] <... mprotect resumed>) = 0 [pid 3173] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3177], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3177 ./strace-static-x86_64: Process 3177 attached [pid 3173] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3173] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3177] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3177] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3177] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3177] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3173] <... futex resumed>) = 0 [pid 3173] exit_group(0) = ? [pid 3174] <... futex resumed>) = ? [pid 3174] +++ exited with 0 +++ [pid 3177] <... futex resumed>) = ? [pid 3177] +++ exited with 0 +++ [pid 3173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3173, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./566/binderfs") = 0 umount2("./566/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./566/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./566/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./566/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3178 ./strace-static-x86_64: Process 3178 attached [pid 3178] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3178] chdir("./567") = 0 [pid 3178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3178] setpgid(0, 0) = 0 [pid 3178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3178] write(3, "1000", 4) = 4 [pid 3178] close(3) = 0 [pid 3178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3178] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3178] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3178] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3179], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3179 [pid 3178] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3179 attached [pid 3179] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3179] memfd_create("syzkaller", 0) = 3 [pid 3179] ftruncate(3, 2097152) = 0 [pid 3179] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3179] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3179] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3179] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3179] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3179] mkdir("./file0", 0777) = 0 [pid 3179] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3179] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3179] ioctl(4, LOOP_CLR_FD) = 0 [pid 3179] close(4) = 0 [pid 3179] close(3) = 0 [pid 3179] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3178] <... futex resumed>) = 0 [pid 3178] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... futex resumed>) = 1 [pid 3179] chdir("./file0") = 0 [pid 3179] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3178] <... futex resumed>) = 0 [pid 3178] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... futex resumed>) = 1 [pid 3179] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3179] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3178] <... futex resumed>) = 0 [pid 3178] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3178] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3178] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3182], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3182 [pid 3178] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3178] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... futex resumed>) = 1 [pid 3179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3179] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3179] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3182 attached [pid 3182] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3182] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3182] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3178] <... futex resumed>) = 0 [pid 3178] exit_group(0 [pid 3179] <... futex resumed>) = ? [pid 3178] <... exit_group resumed>) = ? [pid 3179] +++ exited with 0 +++ [pid 3182] <... futex resumed>) = ? [pid 3182] +++ exited with 0 +++ [pid 3178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3178, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./567/binderfs") = 0 umount2("./567/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./567/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./567/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./567/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3183 ./strace-static-x86_64: Process 3183 attached [pid 3183] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3183] chdir("./568") = 0 [pid 3183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3183] setpgid(0, 0) = 0 [pid 3183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3183] write(3, "1000", 4) = 4 [pid 3183] close(3) = 0 [pid 3183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3183] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3183] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3183] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3184], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3184 [pid 3183] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3184 attached [pid 3184] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3184] memfd_create("syzkaller", 0) = 3 [pid 3184] ftruncate(3, 2097152) = 0 [pid 3184] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3184] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3184] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3184] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3184] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3184] mkdir("./file0", 0777) = 0 [pid 3184] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3184] ioctl(4, LOOP_CLR_FD) = 0 [pid 3184] close(4) = 0 [pid 3184] close(3) = 0 [pid 3184] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3183] <... futex resumed>) = 0 [pid 3184] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3183] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3183] <... futex resumed>) = 0 [pid 3184] chdir("./file0" [pid 3183] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3184] <... chdir resumed>) = 0 [pid 3184] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3183] <... futex resumed>) = 0 [pid 3184] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3183] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3184] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3183] <... futex resumed>) = 0 [pid 3183] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3184] <... openat resumed>) = 3 [pid 3184] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3183] <... futex resumed>) = 0 [pid 3184] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3183] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3183] <... futex resumed>) = 0 [pid 3184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3183] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3184] <... write resumed>) = 61 [pid 3183] <... futex resumed>) = 0 [pid 3184] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3184] <... futex resumed>) = 0 [pid 3184] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3183] <... mmap resumed>) = 0x7f697cdae000 [pid 3183] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3183] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3187], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3187 [pid 3183] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3183] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3187 attached [pid 3187] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3187] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3187] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3183] <... futex resumed>) = 0 [pid 3183] exit_group(0 [pid 3184] <... futex resumed>) = ? [pid 3183] <... exit_group resumed>) = ? [pid 3184] +++ exited with 0 +++ [pid 3187] <... futex resumed>) = ? [pid 3187] +++ exited with 0 +++ [pid 3183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3183, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./568/binderfs") = 0 umount2("./568/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./568/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./568/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./568/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3188 ./strace-static-x86_64: Process 3188 attached [pid 3188] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3188] chdir("./569") = 0 [pid 3188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3188] setpgid(0, 0) = 0 [pid 3188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3188] write(3, "1000", 4) = 4 [pid 3188] close(3) = 0 [pid 3188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3188] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3188] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3188] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3189], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3189 [pid 3188] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3189 attached [pid 3189] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3189] memfd_create("syzkaller", 0) = 3 [pid 3189] ftruncate(3, 2097152) = 0 [pid 3189] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3189] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3189] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3189] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3189] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3189] mkdir("./file0", 0777) = 0 [pid 3189] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3189] ioctl(4, LOOP_CLR_FD) = 0 [pid 3189] close(4) = 0 [pid 3189] close(3) = 0 [pid 3189] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3188] <... futex resumed>) = 0 [pid 3189] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3188] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3189] chdir("./file0" [pid 3188] <... futex resumed>) = 0 [pid 3189] <... chdir resumed>) = 0 [pid 3188] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3189] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3188] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3189] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3188] <... futex resumed>) = 0 [pid 3188] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3189] <... openat resumed>) = 3 [pid 3189] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] <... futex resumed>) = 0 [pid 3188] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3188] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3188] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3192], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3192 [pid 3188] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3188] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3189] <... futex resumed>) = 1 [pid 3189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3189] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3189] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3192 attached [pid 3192] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3192] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3192] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] <... futex resumed>) = 0 [pid 3188] exit_group(0 [pid 3189] <... futex resumed>) = ? [pid 3188] <... exit_group resumed>) = ? [pid 3189] +++ exited with 0 +++ [pid 3192] <... futex resumed>) = ? [pid 3192] +++ exited with 0 +++ [pid 3188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3188, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./569/binderfs") = 0 umount2("./569/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./569/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./569/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./569/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3193 ./strace-static-x86_64: Process 3193 attached [pid 3193] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3193] chdir("./570") = 0 [pid 3193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3193] setpgid(0, 0) = 0 [pid 3193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3193] write(3, "1000", 4) = 4 [pid 3193] close(3) = 0 [pid 3193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3193] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3193] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3193] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3194], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3194 [pid 3193] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3193] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3194 attached [pid 3194] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3194] memfd_create("syzkaller", 0) = 3 [pid 3194] ftruncate(3, 2097152) = 0 [pid 3194] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3194] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3194] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3194] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3194] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3194] mkdir("./file0", 0777) = 0 [pid 3194] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3194] ioctl(4, LOOP_CLR_FD) = 0 [pid 3194] close(4) = 0 [pid 3194] close(3) = 0 [pid 3194] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3193] <... futex resumed>) = 0 [pid 3193] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3193] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3194] chdir("./file0") = 0 [pid 3194] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3193] <... futex resumed>) = 0 [pid 3193] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3193] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3194] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3194] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3193] <... futex resumed>) = 0 [pid 3193] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3193] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3193] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3193] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3197], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3197 [pid 3193] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3193] <... futex resumed>) = 0 [pid 3194] <... write resumed>) = 61 [pid 3193] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3194] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3194] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3197 attached [pid 3197] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3197] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3197] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3193] <... futex resumed>) = 0 [pid 3197] <... futex resumed>) = 1 [pid 3193] exit_group(0) = ? [pid 3194] <... futex resumed>) = 231 [pid 3197] +++ exited with 0 +++ [pid 3194] +++ exited with 0 +++ [pid 3193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3193, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./570/binderfs") = 0 umount2("./570/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./570/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./570/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./570/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3198 attached , child_tidptr=0x555555cf25d0) = 3198 [pid 3198] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3198] chdir("./571") = 0 [pid 3198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3198] setpgid(0, 0) = 0 [pid 3198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3198] write(3, "1000", 4) = 4 [pid 3198] close(3) = 0 [pid 3198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3198] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3198] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3198] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3199], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3199 [pid 3198] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3199 attached [pid 3199] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3199] memfd_create("syzkaller", 0) = 3 [pid 3199] ftruncate(3, 2097152) = 0 [pid 3199] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3199] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3199] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3199] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3199] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3199] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3199] ioctl(4, LOOP_CLR_FD) = 0 [pid 3199] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3199] close(4) = 0 [pid 3199] close(3) = 0 [pid 3199] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3199] <... futex resumed>) = 1 [pid 3199] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 3199] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3199] <... futex resumed>) = 1 [pid 3199] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3199] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3198] <... futex resumed>) = 0 [pid 3198] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3198] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3198] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3200], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3200 [pid 3198] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3198] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3199] <... futex resumed>) = 1 [pid 3199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3199] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3199] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3200 attached [pid 3200] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3200] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3200] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3198] <... futex resumed>) = 0 [pid 3198] exit_group(0 [pid 3199] <... futex resumed>) = ? [pid 3198] <... exit_group resumed>) = ? [pid 3199] +++ exited with 0 +++ [pid 3200] <... futex resumed>) = ? [pid 3200] +++ exited with 0 +++ [pid 3198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3198, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./571/binderfs") = 0 umount2("./571/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./571/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3201 attached [pid 3201] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3201] chdir("./572") = 0 [pid 3201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3201] setpgid(0, 0) = 0 [pid 3201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3201] write(3, "1000", 4) = 4 [pid 3201] close(3) = 0 [pid 3201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3201] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3201] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3201] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 371] <... clone resumed>, child_tidptr=0x555555cf25d0) = 3201 [pid 3201] <... clone resumed>, parent_tid=[3202], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3202 [pid 3201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3202 attached [pid 3202] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3202] memfd_create("syzkaller", 0) = 3 [pid 3202] ftruncate(3, 2097152) = 0 [pid 3202] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3202] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3202] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3202] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3202] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3202] mkdir("./file0", 0777) = 0 [pid 3202] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3202] ioctl(4, LOOP_CLR_FD) = 0 [pid 3202] close(4) = 0 [pid 3202] close(3) = 0 [pid 3202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3202] <... futex resumed>) = 1 [pid 3202] chdir("./file0") = 0 [pid 3202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3202] <... futex resumed>) = 1 [pid 3202] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... futex resumed>) = 0 [pid 3201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3201] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3201] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3205], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3205 ./strace-static-x86_64: Process 3205 attached [pid 3201] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3201] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3202] <... futex resumed>) = 1 [pid 3202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3202] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3205] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3205] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3205] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3201] <... futex resumed>) = 0 [pid 3201] exit_group(0) = ? [pid 3202] <... futex resumed>) = ? [pid 3202] +++ exited with 0 +++ [pid 3205] +++ exited with 0 +++ [pid 3201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3201, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./572/binderfs") = 0 umount2("./572/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./572/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./572/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./572/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3206 ./strace-static-x86_64: Process 3206 attached [pid 3206] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3206] chdir("./573") = 0 [pid 3206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3206] setpgid(0, 0) = 0 [pid 3206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3206] write(3, "1000", 4) = 4 [pid 3206] close(3) = 0 [pid 3206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3206] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3206] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3206] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3207], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3207 [pid 3206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3207 attached [pid 3207] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3207] memfd_create("syzkaller", 0) = 3 [pid 3207] ftruncate(3, 2097152) = 0 [pid 3207] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3207] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3207] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3207] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3207] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3207] mkdir("./file0", 0777) = 0 [pid 3207] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3207] ioctl(4, LOOP_CLR_FD) = 0 [pid 3207] close(4) = 0 [pid 3207] close(3) = 0 [pid 3207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3206] <... futex resumed>) = 0 [pid 3207] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3206] <... futex resumed>) = 0 [pid 3207] chdir("./file0" [pid 3206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3207] <... chdir resumed>) = 0 [pid 3207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3206] <... futex resumed>) = 0 [pid 3207] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3206] <... futex resumed>) = 0 [pid 3207] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3207] <... openat resumed>) = 3 [pid 3207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3206] <... futex resumed>) = 0 [pid 3207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3207] <... write resumed>) = 61 [pid 3206] <... futex resumed>) = 0 [pid 3207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3207] <... futex resumed>) = 0 [pid 3206] <... futex resumed>) = 0 [pid 3207] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3207] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3206] <... futex resumed>) = 0 [pid 3206] exit_group(0) = ? [pid 3207] +++ exited with 0 +++ [pid 3206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3206, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./573/binderfs") = 0 umount2("./573/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./573/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./573/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./573/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3210 ./strace-static-x86_64: Process 3210 attached [pid 3210] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3210] chdir("./574") = 0 [pid 3210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3210] setpgid(0, 0) = 0 [pid 3210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3210] write(3, "1000", 4) = 4 [pid 3210] close(3) = 0 [pid 3210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3210] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3210] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3210] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3211], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3211 [pid 3210] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3211 attached [pid 3211] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3211] memfd_create("syzkaller", 0) = 3 [pid 3211] ftruncate(3, 2097152) = 0 [pid 3211] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3211] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3211] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3211] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3211] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3211] mkdir("./file0", 0777) = 0 [pid 3211] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3211] ioctl(4, LOOP_CLR_FD) = 0 [pid 3211] close(4) = 0 [pid 3211] close(3) = 0 [pid 3211] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3210] <... futex resumed>) = 0 [pid 3210] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3211] chdir("./file0") = 0 [pid 3211] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3210] <... futex resumed>) = 0 [pid 3210] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3211] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3211] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3210] <... futex resumed>) = 0 [pid 3210] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3210] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3210] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3214], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3214 [pid 3210] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3210] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3211] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3211] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3214 attached [pid 3214] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3214] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3214] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3210] <... futex resumed>) = 0 [pid 3210] exit_group(0 [pid 3211] <... futex resumed>) = ? [pid 3210] <... exit_group resumed>) = ? [pid 3211] +++ exited with 0 +++ [pid 3214] <... futex resumed>) = ? [pid 3214] +++ exited with 0 +++ [pid 3210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3210, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./574/binderfs") = 0 umount2("./574/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./574/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./574/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./574/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3215 ./strace-static-x86_64: Process 3215 attached [pid 3215] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3215] chdir("./575") = 0 [pid 3215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3215] setpgid(0, 0) = 0 [pid 3215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3215] write(3, "1000", 4) = 4 [pid 3215] close(3) = 0 [pid 3215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3215] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3215] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3215] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3216], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3216 [pid 3215] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3216 attached [pid 3216] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3216] memfd_create("syzkaller", 0) = 3 [pid 3216] ftruncate(3, 2097152) = 0 [pid 3216] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3216] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3216] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3216] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3216] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3216] mkdir("./file0", 0777) = 0 [pid 3216] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3216] ioctl(4, LOOP_CLR_FD) = 0 [pid 3216] close(4) = 0 [pid 3216] close(3) = 0 [pid 3216] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] <... futex resumed>) = 0 [pid 3215] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3216] <... futex resumed>) = 1 [pid 3216] chdir("./file0") = 0 [pid 3216] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] <... futex resumed>) = 0 [pid 3215] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3216] <... futex resumed>) = 1 [pid 3216] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3216] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] <... futex resumed>) = 0 [pid 3215] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3215] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3215] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3219 attached , parent_tid=[3219], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3219 [pid 3219] set_robust_list(0x7f697cdce9e0, 24 [pid 3215] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] <... set_robust_list resumed>) = 0 [pid 3215] <... futex resumed>) = 0 [pid 3219] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3215] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3219] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3219] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] <... futex resumed>) = 0 [pid 3219] <... futex resumed>) = 1 [pid 3219] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3216] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3216] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3216] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3215] exit_group(0) = ? [pid 3216] <... futex resumed>) = ? [pid 3216] +++ exited with 0 +++ [pid 3219] <... futex resumed>) = ? [pid 3219] +++ exited with 0 +++ [pid 3215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3215, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./575/binderfs") = 0 umount2("./575/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./575/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./575/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3220 ./strace-static-x86_64: Process 3220 attached [pid 3220] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3220] chdir("./576") = 0 [pid 3220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3220] setpgid(0, 0) = 0 [pid 3220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3220] write(3, "1000", 4) = 4 [pid 3220] close(3) = 0 [pid 3220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3220] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3220] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3220] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3221], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3221 [pid 3220] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3220] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3221 attached [pid 3221] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3221] memfd_create("syzkaller", 0) = 3 [pid 3221] ftruncate(3, 2097152) = 0 [pid 3221] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3221] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3221] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3221] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3221] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3221] mkdir("./file0", 0777) = 0 [pid 3221] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3221] ioctl(4, LOOP_CLR_FD) = 0 [pid 3221] close(4) = 0 [pid 3221] close(3) = 0 [pid 3221] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3220] <... futex resumed>) = 0 [pid 3221] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3220] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3220] <... futex resumed>) = 0 [pid 3221] chdir("./file0" [pid 3220] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3221] <... chdir resumed>) = 0 [pid 3221] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3220] <... futex resumed>) = 0 [pid 3221] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3220] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3220] <... futex resumed>) = 0 [pid 3221] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3220] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3221] <... openat resumed>) = 3 [pid 3221] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3220] <... futex resumed>) = 0 [pid 3221] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3220] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3220] <... futex resumed>) = 0 [pid 3221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3220] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3221] <... write resumed>) = 61 [pid 3220] <... futex resumed>) = 0 [pid 3221] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3221] <... futex resumed>) = 0 [pid 3220] <... mmap resumed>) = 0x7f697cdae000 [pid 3221] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3220] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3220] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3224], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3224 [pid 3220] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3220] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3224 attached [pid 3224] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3224] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3224] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3220] <... futex resumed>) = 0 [pid 3220] exit_group(0) = ? [pid 3224] <... futex resumed>) = ? [pid 3221] <... futex resumed>) = ? [pid 3221] +++ exited with 0 +++ [pid 3224] +++ exited with 0 +++ [pid 3220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3220, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./576/binderfs") = 0 umount2("./576/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./576/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./576/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3225 ./strace-static-x86_64: Process 3225 attached [pid 3225] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3225] chdir("./577") = 0 [pid 3225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3225] setpgid(0, 0) = 0 [pid 3225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3225] write(3, "1000", 4) = 4 [pid 3225] close(3) = 0 [pid 3225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3225] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3225] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3225] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3226], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3226 [pid 3225] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3225] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3226 attached [pid 3226] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3226] memfd_create("syzkaller", 0) = 3 [pid 3226] ftruncate(3, 2097152) = 0 [pid 3226] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3226] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3226] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3226] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3226] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3226] mkdir("./file0", 0777) = 0 [pid 3226] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3226] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3226] ioctl(4, LOOP_CLR_FD) = 0 [pid 3226] close(4) = 0 [pid 3226] close(3) = 0 [pid 3226] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3225] <... futex resumed>) = 0 [pid 3226] <... futex resumed>) = 1 [pid 3225] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3226] chdir("./file0" [pid 3225] <... futex resumed>) = 0 [pid 3225] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3226] <... chdir resumed>) = 0 [pid 3226] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3225] <... futex resumed>) = 0 [pid 3226] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3225] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3225] <... futex resumed>) = 0 [pid 3226] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3225] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3226] <... openat resumed>) = 3 [pid 3226] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3225] <... futex resumed>) = 0 [pid 3225] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3225] <... futex resumed>) = 0 [pid 3225] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3226] <... write resumed>) = 61 [pid 3225] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3226] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3225] <... mprotect resumed>) = 0 [pid 3225] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3226] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3229 attached [pid 3229] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3229] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3225] <... clone resumed>, parent_tid=[3229], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3229 [pid 3225] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3229] <... futex resumed>) = 0 [pid 3225] <... futex resumed>) = 1 [pid 3229] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3225] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3229] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3229] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3225] <... futex resumed>) = 0 [pid 3225] exit_group(0) = ? [pid 3226] <... futex resumed>) = ? [pid 3226] +++ exited with 0 +++ [pid 3229] <... futex resumed>) = ? [pid 3229] +++ exited with 0 +++ [pid 3225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3225, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./577/binderfs") = 0 umount2("./577/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./577/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./577/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3230 ./strace-static-x86_64: Process 3230 attached [pid 3230] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3230] chdir("./578") = 0 [pid 3230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3230] setpgid(0, 0) = 0 [pid 3230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3230] write(3, "1000", 4) = 4 [pid 3230] close(3) = 0 [pid 3230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3230] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3230] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3230] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3231], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3231 [pid 3230] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3231 attached [pid 3231] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3231] memfd_create("syzkaller", 0) = 3 [pid 3231] ftruncate(3, 2097152) = 0 [pid 3231] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3231] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3231] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3231] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3231] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3231] mkdir("./file0", 0777) = 0 [pid 3231] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3231] ioctl(4, LOOP_CLR_FD) = 0 [pid 3231] close(4) = 0 [pid 3231] close(3) = 0 [pid 3231] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3230] <... futex resumed>) = 0 [pid 3230] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3231] <... futex resumed>) = 1 [pid 3231] chdir("./file0") = 0 [pid 3231] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3230] <... futex resumed>) = 0 [pid 3230] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3231] <... futex resumed>) = 1 [pid 3231] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3231] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3230] <... futex resumed>) = 0 [pid 3230] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3230] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3230] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3234], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3234 [pid 3230] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3230] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3231] <... futex resumed>) = 1 [pid 3231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3231] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3231] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3234 attached [pid 3234] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3234] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3234] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3230] <... futex resumed>) = 0 [pid 3230] exit_group(0) = ? [pid 3231] <... futex resumed>) = ? [pid 3231] +++ exited with 0 +++ [pid 3234] <... futex resumed>) = ? [pid 3234] +++ exited with 0 +++ [pid 3230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3230, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./578/binderfs") = 0 umount2("./578/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./578/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./578/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./578/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3235 ./strace-static-x86_64: Process 3235 attached [pid 3235] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3235] chdir("./579") = 0 [pid 3235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3235] setpgid(0, 0) = 0 [pid 3235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3235] write(3, "1000", 4) = 4 [pid 3235] close(3) = 0 [pid 3235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3235] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3235] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3235] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3236], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3236 [pid 3235] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3236 attached [pid 3236] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3236] memfd_create("syzkaller", 0) = 3 [pid 3236] ftruncate(3, 2097152) = 0 [pid 3236] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3236] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3236] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3236] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3236] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3236] mkdir("./file0", 0777) = 0 [pid 3236] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3236] ioctl(4, LOOP_CLR_FD) = 0 [pid 3236] close(4) = 0 [pid 3236] close(3) = 0 [pid 3236] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3235] <... futex resumed>) = 0 [pid 3235] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] chdir("./file0") = 0 [pid 3236] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3235] <... futex resumed>) = 0 [pid 3235] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3236] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3235] <... futex resumed>) = 0 [pid 3235] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3235] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3235] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3239], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3239 [pid 3235] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3235] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3236] <... futex resumed>) = 1 [pid 3236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3236] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3236] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3239 attached [pid 3239] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3239] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3239] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3235] <... futex resumed>) = 0 [pid 3235] exit_group(0) = ? [pid 3236] <... futex resumed>) = ? [pid 3236] +++ exited with 0 +++ [pid 3239] +++ exited with 0 +++ [pid 3235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3235, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./579/binderfs") = 0 umount2("./579/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./579/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./579/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./579/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3240 ./strace-static-x86_64: Process 3240 attached [pid 3240] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3240] chdir("./580") = 0 [pid 3240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3240] setpgid(0, 0) = 0 [pid 3240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3240] write(3, "1000", 4) = 4 [pid 3240] close(3) = 0 [pid 3240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3240] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3240] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3240] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3241], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3241 [pid 3240] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3241 attached [pid 3241] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3241] memfd_create("syzkaller", 0) = 3 [pid 3241] ftruncate(3, 2097152) = 0 [pid 3241] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3241] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3241] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3241] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3241] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3241] mkdir("./file0", 0777) = 0 [pid 3241] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3241] ioctl(4, LOOP_CLR_FD) = 0 [pid 3241] close(4) = 0 [pid 3241] close(3) = 0 [pid 3241] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3241] chdir("./file0" [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3241] <... chdir resumed>) = 0 [pid 3241] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3240] <... futex resumed>) = 0 [pid 3240] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3241] <... futex resumed>) = 1 [pid 3241] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3241] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3240] <... futex resumed>) = 0 [pid 3241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3240] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3240] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3241] <... write resumed>) = 61 [pid 3241] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3240] <... mprotect resumed>) = 0 [pid 3241] <... futex resumed>) = 0 [pid 3241] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3240] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3244], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3244 ./strace-static-x86_64: Process 3244 attached [pid 3240] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3244] set_robust_list(0x7f697cdce9e0, 24 [pid 3240] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3244] <... set_robust_list resumed>) = 0 [pid 3244] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3244] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3240] <... futex resumed>) = 0 [pid 3240] exit_group(0) = ? [pid 3241] <... futex resumed>) = ? [pid 3241] +++ exited with 0 +++ [pid 3244] +++ exited with 0 +++ [pid 3240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3240, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./580/binderfs") = 0 umount2("./580/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./580/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./580/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./580/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3245 ./strace-static-x86_64: Process 3245 attached [pid 3245] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3245] chdir("./581") = 0 [pid 3245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3245] setpgid(0, 0) = 0 [pid 3245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3245] write(3, "1000", 4) = 4 [pid 3245] close(3) = 0 [pid 3245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3245] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3245] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3245] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3246], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3246 [pid 3245] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3245] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3246 attached [pid 3246] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3246] memfd_create("syzkaller", 0) = 3 [pid 3246] ftruncate(3, 2097152) = 0 [pid 3246] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3246] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3246] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3246] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3246] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3246] mkdir("./file0", 0777) = 0 [pid 3246] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3246] ioctl(4, LOOP_CLR_FD) = 0 [pid 3246] close(4) = 0 [pid 3246] close(3) = 0 [pid 3246] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] <... futex resumed>) = 0 [pid 3246] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3245] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3245] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3246] chdir("./file0") = 0 [pid 3246] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] <... futex resumed>) = 0 [pid 3246] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3245] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3245] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3246] <... openat resumed>) = 3 [pid 3246] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] <... futex resumed>) = 0 [pid 3246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3245] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3246] <... write resumed>) = 61 [pid 3245] <... futex resumed>) = 0 [pid 3246] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3245] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3246] <... futex resumed>) = 0 [pid 3245] <... futex resumed>) = 0 [pid 3246] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3245] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3246] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3246] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] <... futex resumed>) = 0 [pid 3246] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3245] exit_group(0 [pid 3246] <... futex resumed>) = ? [pid 3245] <... exit_group resumed>) = ? [pid 3246] +++ exited with 0 +++ [pid 3245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3245, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./581/binderfs") = 0 umount2("./581/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./581/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./581/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./581/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3249 ./strace-static-x86_64: Process 3249 attached [pid 3249] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3249] chdir("./582") = 0 [pid 3249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3249] setpgid(0, 0) = 0 [pid 3249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3249] write(3, "1000", 4) = 4 [pid 3249] close(3) = 0 [pid 3249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3249] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3249] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3249] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3250], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3250 [pid 3249] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3250 attached [pid 3250] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3250] memfd_create("syzkaller", 0) = 3 [pid 3250] ftruncate(3, 2097152) = 0 [pid 3250] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3250] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3250] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3250] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3250] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3250] mkdir("./file0", 0777) = 0 [pid 3250] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3250] ioctl(4, LOOP_CLR_FD) = 0 [pid 3250] close(4) = 0 [pid 3250] close(3) = 0 [pid 3250] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3250] chdir("./file0") = 0 [pid 3250] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3250] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3250] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3249] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3249] <... mmap resumed>) = 0x7f697cdae000 [pid 3250] <... write resumed>) = 61 [pid 3249] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3250] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3249] <... mprotect resumed>) = 0 [pid 3250] <... futex resumed>) = 0 [pid 3249] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3250] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3249] <... clone resumed>, parent_tid=[3253], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3253 [pid 3249] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3249] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3253 attached [pid 3253] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3253] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3253] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3249] <... futex resumed>) = 0 [pid 3249] exit_group(0 [pid 3250] <... futex resumed>) = ? [pid 3249] <... exit_group resumed>) = ? [pid 3250] +++ exited with 0 +++ [pid 3253] <... futex resumed>) = ? [pid 3253] +++ exited with 0 +++ [pid 3249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3249, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./582/binderfs") = 0 umount2("./582/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./582/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./582/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./582/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3254 ./strace-static-x86_64: Process 3254 attached [pid 3254] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3254] chdir("./583") = 0 [pid 3254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3254] setpgid(0, 0) = 0 [pid 3254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3254] write(3, "1000", 4) = 4 [pid 3254] close(3) = 0 [pid 3254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3254] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3254] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3254] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3255], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3255 [pid 3254] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3255 attached [pid 3255] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3255] memfd_create("syzkaller", 0) = 3 [pid 3255] ftruncate(3, 2097152) = 0 [pid 3255] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3255] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3255] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3255] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3255] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3255] mkdir("./file0", 0777) = 0 [pid 3255] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3255] ioctl(4, LOOP_CLR_FD) = 0 [pid 3255] close(4) = 0 [pid 3255] close(3) = 0 [pid 3255] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3255] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3254] <... futex resumed>) = 0 [pid 3254] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3255] chdir("./file0") = 0 [pid 3254] <... futex resumed>) = 0 [pid 3255] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3254] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3255] <... futex resumed>) = 0 [pid 3255] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3254] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3255] <... futex resumed>) = 0 [pid 3254] <... futex resumed>) = 1 [pid 3254] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3255] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3255] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3254] <... futex resumed>) = 0 [pid 3255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3254] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3255] <... write resumed>) = 61 [pid 3255] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3255] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3254] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3254] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3258 attached , parent_tid=[3258], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3258 [pid 3254] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3254] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3258] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3258] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3258] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3254] <... futex resumed>) = 0 [pid 3254] exit_group(0) = ? [pid 3255] <... futex resumed>) = ? [pid 3258] <... futex resumed>) = ? [pid 3255] +++ exited with 0 +++ [pid 3258] +++ exited with 0 +++ [pid 3254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3254, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./583/binderfs") = 0 umount2("./583/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./583/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./583/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./583/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3259 ./strace-static-x86_64: Process 3259 attached [pid 3259] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3259] chdir("./584") = 0 [pid 3259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3259] setpgid(0, 0) = 0 [pid 3259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3259] write(3, "1000", 4) = 4 [pid 3259] close(3) = 0 [pid 3259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3259] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3259] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3259] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3260 attached , parent_tid=[3260], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3260 [pid 3260] set_robust_list(0x7f697cdef9e0, 24 [pid 3259] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3260] <... set_robust_list resumed>) = 0 [pid 3260] memfd_create("syzkaller", 0) = 3 [pid 3260] ftruncate(3, 2097152) = 0 [pid 3260] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3260] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3260] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3260] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3260] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3260] mkdir("./file0", 0777) = 0 [pid 3260] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3260] ioctl(4, LOOP_CLR_FD) = 0 [pid 3260] close(4) = 0 [pid 3260] close(3) = 0 [pid 3260] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3259] <... futex resumed>) = 0 [pid 3260] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3259] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3259] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3260] <... futex resumed>) = 0 [pid 3260] chdir("./file0") = 0 [pid 3260] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3259] <... futex resumed>) = 0 [pid 3259] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3260] <... futex resumed>) = 1 [pid 3260] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3260] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3259] <... futex resumed>) = 0 [pid 3259] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3259] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3259] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3263 attached , parent_tid=[3263], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3263 [pid 3263] set_robust_list(0x7f697cdce9e0, 24 [pid 3259] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3263] <... set_robust_list resumed>) = 0 [pid 3259] <... futex resumed>) = 0 [pid 3263] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3259] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3260] <... futex resumed>) = 1 [pid 3263] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3263] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3259] <... futex resumed>) = 0 [pid 3263] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3260] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3260] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3260] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3259] exit_group(0) = ? [pid 3260] <... futex resumed>) = ? [pid 3260] +++ exited with 0 +++ [pid 3263] <... futex resumed>) = ? [pid 3263] +++ exited with 0 +++ [pid 3259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3259, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./584/binderfs") = 0 umount2("./584/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./584/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./584/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./584/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3264 ./strace-static-x86_64: Process 3264 attached [pid 3264] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3264] chdir("./585") = 0 [pid 3264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3264] setpgid(0, 0) = 0 [pid 3264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3264] write(3, "1000", 4) = 4 [pid 3264] close(3) = 0 [pid 3264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3264] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3264] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3264] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3265], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3265 [pid 3264] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3264] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3265 attached [pid 3265] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3265] memfd_create("syzkaller", 0) = 3 [pid 3265] ftruncate(3, 2097152) = 0 [pid 3265] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3265] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3265] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3265] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3265] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3265] mkdir("./file0", 0777) = 0 [pid 3265] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3265] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3265] ioctl(4, LOOP_CLR_FD) = 0 [pid 3265] close(4) = 0 [pid 3265] close(3) = 0 [pid 3265] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3264] <... futex resumed>) = 0 [pid 3264] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3264] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3265] <... futex resumed>) = 1 [pid 3265] chdir("./file0") = 0 [pid 3265] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3264] <... futex resumed>) = 0 [pid 3264] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3264] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3265] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3265] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3264] <... futex resumed>) = 0 [pid 3264] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3264] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3264] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3265] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3264] <... mprotect resumed>) = 0 [pid 3265] <... futex resumed>) = 0 [pid 3265] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3264] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3268 attached [pid 3268] set_robust_list(0x7f697cdce9e0, 24 [pid 3264] <... clone resumed>, parent_tid=[3268], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3268 [pid 3268] <... set_robust_list resumed>) = 0 [pid 3264] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3268] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3264] <... futex resumed>) = 0 [pid 3264] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3268] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3268] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3264] <... futex resumed>) = 0 [pid 3268] <... futex resumed>) = 1 [pid 3264] exit_group(0) = ? [pid 3265] <... futex resumed>) = ? [pid 3265] +++ exited with 0 +++ [pid 3268] +++ exited with 0 +++ [pid 3264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3264, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./585/binderfs") = 0 umount2("./585/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./585/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./585/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./585/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3269 ./strace-static-x86_64: Process 3269 attached [pid 3269] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3269] chdir("./586") = 0 [pid 3269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3269] setpgid(0, 0) = 0 [pid 3269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3269] write(3, "1000", 4) = 4 [pid 3269] close(3) = 0 [pid 3269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3269] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3269] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3269] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3270], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3270 [pid 3269] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3270 attached [pid 3270] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3270] memfd_create("syzkaller", 0) = 3 [pid 3270] ftruncate(3, 2097152) = 0 [pid 3270] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3270] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3270] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3270] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3270] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3270] mkdir("./file0", 0777) = 0 [pid 3270] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3270] ioctl(4, LOOP_CLR_FD) = 0 [pid 3270] close(4) = 0 [pid 3270] close(3) = 0 [pid 3270] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3269] <... futex resumed>) = 0 [pid 3269] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3270] <... futex resumed>) = 1 [pid 3270] chdir("./file0") = 0 [pid 3270] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3269] <... futex resumed>) = 0 [pid 3269] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3270] <... futex resumed>) = 1 [pid 3270] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3270] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3269] <... futex resumed>) = 0 [pid 3269] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3269] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3269] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3273], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3273 [pid 3269] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3269] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3270] <... futex resumed>) = 1 [pid 3270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3270] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3270] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3273 attached [pid 3273] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3273] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3273] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3269] <... futex resumed>) = 0 [pid 3269] exit_group(0 [pid 3270] <... futex resumed>) = ? [pid 3269] <... exit_group resumed>) = ? [pid 3270] +++ exited with 0 +++ [pid 3273] <... futex resumed>) = ? [pid 3273] +++ exited with 0 +++ [pid 3269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3269, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./586/binderfs") = 0 umount2("./586/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./586/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./586/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3274 ./strace-static-x86_64: Process 3274 attached [pid 3274] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3274] chdir("./587") = 0 [pid 3274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3274] setpgid(0, 0) = 0 [pid 3274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3274] write(3, "1000", 4) = 4 [pid 3274] close(3) = 0 [pid 3274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3274] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3274] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3274] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3275], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3275 [pid 3274] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3275 attached [pid 3275] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3275] memfd_create("syzkaller", 0) = 3 [pid 3275] ftruncate(3, 2097152) = 0 [pid 3275] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3275] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3275] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3275] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3275] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3275] mkdir("./file0", 0777) = 0 [pid 3275] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3275] ioctl(4, LOOP_CLR_FD) = 0 [pid 3275] close(4) = 0 [pid 3275] close(3) = 0 [pid 3275] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3274] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3275] chdir("./file0") = 0 [pid 3275] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3274] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3275] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3275] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3274] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3274] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3274] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3278 attached , parent_tid=[3278], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3278 [pid 3278] set_robust_list(0x7f697cdce9e0, 24 [pid 3274] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3274] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3278] <... set_robust_list resumed>) = 0 [pid 3278] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3278] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3278] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3275] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3275] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3275] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3274] exit_group(0) = ? [pid 3278] <... futex resumed>) = ? [pid 3275] <... futex resumed>) = ? [pid 3278] +++ exited with 0 +++ [pid 3275] +++ exited with 0 +++ [pid 3274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3274, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./587/binderfs") = 0 umount2("./587/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./587/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./587/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3279 ./strace-static-x86_64: Process 3279 attached [pid 3279] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3279] chdir("./588") = 0 [pid 3279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3279] setpgid(0, 0) = 0 [pid 3279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3279] write(3, "1000", 4) = 4 [pid 3279] close(3) = 0 [pid 3279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3279] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3279] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3279] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3280], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3280 [pid 3279] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3280 attached [pid 3280] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3280] memfd_create("syzkaller", 0) = 3 [pid 3280] ftruncate(3, 2097152) = 0 [pid 3280] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3280] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3280] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3280] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3280] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3280] mkdir("./file0", 0777) = 0 [pid 3280] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3280] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3280] ioctl(4, LOOP_CLR_FD) = 0 [pid 3280] close(4) = 0 [pid 3280] close(3) = 0 [pid 3280] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3279] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3280] chdir("./file0") = 0 [pid 3280] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3279] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3280] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3280] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3279] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3279] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3279] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3283 attached , parent_tid=[3283], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3283 [pid 3279] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3280] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3280] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3283] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3283] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3283] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3279] <... futex resumed>) = 0 [pid 3279] exit_group(0 [pid 3280] <... futex resumed>) = ? [pid 3279] <... exit_group resumed>) = ? [pid 3280] +++ exited with 0 +++ [pid 3283] <... futex resumed>) = ? [pid 3283] +++ exited with 0 +++ [pid 3279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3279, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./588", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./588/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./588/binderfs") = 0 umount2("./588/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./588/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./588/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./588/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./588") = 0 mkdir("./589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3284 ./strace-static-x86_64: Process 3284 attached [pid 3284] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3284] chdir("./589") = 0 [pid 3284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3284] setpgid(0, 0) = 0 [pid 3284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3284] write(3, "1000", 4) = 4 [pid 3284] close(3) = 0 [pid 3284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3284] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3284] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3284] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3285], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3285 [pid 3284] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3284] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3285 attached [pid 3285] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3285] memfd_create("syzkaller", 0) = 3 [pid 3285] ftruncate(3, 2097152) = 0 [pid 3285] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3285] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3285] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3285] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3285] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3285] mkdir("./file0", 0777) = 0 [pid 3285] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3285] ioctl(4, LOOP_CLR_FD) = 0 [pid 3285] close(4) = 0 [pid 3285] close(3) = 0 [pid 3285] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = 0 [pid 3284] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3284] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3285] <... futex resumed>) = 1 [pid 3285] chdir("./file0") = 0 [pid 3285] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = 0 [pid 3284] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3284] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3285] <... futex resumed>) = 1 [pid 3285] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3285] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = 0 [pid 3285] <... futex resumed>) = 1 [pid 3284] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3284] <... futex resumed>) = 0 [pid 3284] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3285] <... write resumed>) = 61 [pid 3284] <... mmap resumed>) = 0x7f697cdae000 [pid 3285] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3285] <... futex resumed>) = 0 [pid 3284] <... mprotect resumed>) = 0 [pid 3285] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3284] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3288], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3288 [pid 3284] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3284] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3288 attached [pid 3288] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3288] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3288] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = 0 [pid 3284] exit_group(0) = ? [pid 3285] <... futex resumed>) = ? [pid 3285] +++ exited with 0 +++ [pid 3288] <... futex resumed>) = ? [pid 3288] +++ exited with 0 +++ [pid 3284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3284, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./589", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./589/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./589/binderfs") = 0 umount2("./589/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./589/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./589/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./589/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./589") = 0 mkdir("./590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3289 ./strace-static-x86_64: Process 3289 attached [pid 3289] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3289] chdir("./590") = 0 [pid 3289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3289] setpgid(0, 0) = 0 [pid 3289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3289] write(3, "1000", 4) = 4 [pid 3289] close(3) = 0 [pid 3289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3289] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3289] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3289] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3290], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3290 [pid 3289] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3290 attached [pid 3290] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3290] memfd_create("syzkaller", 0) = 3 [pid 3290] ftruncate(3, 2097152) = 0 [pid 3290] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3290] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3290] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3290] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3290] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3290] mkdir("./file0", 0777) = 0 [pid 3290] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3290] ioctl(4, LOOP_CLR_FD) = 0 [pid 3290] close(4) = 0 [pid 3290] close(3) = 0 [pid 3290] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3289] <... futex resumed>) = 0 [pid 3289] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3290] <... futex resumed>) = 1 [pid 3290] chdir("./file0") = 0 [pid 3290] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3289] <... futex resumed>) = 0 [pid 3289] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3290] <... futex resumed>) = 1 [pid 3290] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3290] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3289] <... futex resumed>) = 0 [pid 3289] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3289] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3289] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3293], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3293 [pid 3289] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3289] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3290] <... futex resumed>) = 1 [pid 3290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3290] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3290] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3293 attached [pid 3293] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3293] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3293] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3289] <... futex resumed>) = 0 [pid 3289] exit_group(0) = ? [pid 3290] <... futex resumed>) = ? [pid 3290] +++ exited with 0 +++ [pid 3293] +++ exited with 0 +++ [pid 3289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3289, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./590", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./590/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./590/binderfs") = 0 umount2("./590/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./590/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./590/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./590/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./590") = 0 mkdir("./591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3294 ./strace-static-x86_64: Process 3294 attached [pid 3294] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3294] chdir("./591") = 0 [pid 3294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3294] setpgid(0, 0) = 0 [pid 3294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3294] write(3, "1000", 4) = 4 [pid 3294] close(3) = 0 [pid 3294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3294] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3294] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3294] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3295], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3295 [pid 3294] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3294] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3295 attached [pid 3295] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3295] memfd_create("syzkaller", 0) = 3 [pid 3295] ftruncate(3, 2097152) = 0 [pid 3295] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3295] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3295] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3295] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3295] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3295] mkdir("./file0", 0777) = 0 [pid 3295] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3295] ioctl(4, LOOP_CLR_FD) = 0 [pid 3295] close(4) = 0 [pid 3295] close(3) = 0 [pid 3295] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3294] <... futex resumed>) = 0 [pid 3295] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3294] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3295] chdir("./file0" [pid 3294] <... futex resumed>) = 0 [pid 3295] <... chdir resumed>) = 0 [pid 3294] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3295] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3295] <... futex resumed>) = 0 [pid 3294] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3295] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3294] <... futex resumed>) = 0 [pid 3294] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3295] <... openat resumed>) = 3 [pid 3295] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3294] <... futex resumed>) = 0 [pid 3295] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3294] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3294] <... futex resumed>) = 0 [pid 3295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3294] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3295] <... write resumed>) = 61 [pid 3294] <... futex resumed>) = 0 [pid 3295] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3295] <... futex resumed>) = 0 [pid 3294] <... mmap resumed>) = 0x7f697cdae000 [pid 3295] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3294] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3294] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3298], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3298 [pid 3294] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3294] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3298 attached [pid 3298] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3298] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3298] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3294] <... futex resumed>) = 0 [pid 3294] exit_group(0) = ? [pid 3295] <... futex resumed>) = ? [pid 3295] +++ exited with 0 +++ [pid 3298] <... futex resumed>) = ? [pid 3298] +++ exited with 0 +++ [pid 3294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3294, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./591", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./591/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./591/binderfs") = 0 umount2("./591/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./591/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./591/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./591/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./591") = 0 mkdir("./592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3299 ./strace-static-x86_64: Process 3299 attached [pid 3299] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3299] chdir("./592") = 0 [pid 3299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3299] setpgid(0, 0) = 0 [pid 3299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3299] write(3, "1000", 4) = 4 [pid 3299] close(3) = 0 [pid 3299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3299] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3299] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3299] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3300], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3300 [pid 3299] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3299] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3300 attached [pid 3300] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3300] memfd_create("syzkaller", 0) = 3 [pid 3300] ftruncate(3, 2097152) = 0 [pid 3300] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3300] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3300] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3300] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3300] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3300] mkdir("./file0", 0777) = 0 [pid 3300] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3300] ioctl(4, LOOP_CLR_FD) = 0 [pid 3300] close(4) = 0 [pid 3300] close(3) = 0 [pid 3300] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3299] <... futex resumed>) = 0 [pid 3300] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3299] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3299] <... futex resumed>) = 0 [pid 3300] chdir("./file0" [pid 3299] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3300] <... chdir resumed>) = 0 [pid 3300] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3299] <... futex resumed>) = 0 [pid 3299] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3300] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3299] <... futex resumed>) = 0 [pid 3299] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3300] <... openat resumed>) = 3 [pid 3300] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3300] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3299] <... futex resumed>) = 0 [pid 3299] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3300] <... futex resumed>) = 0 [pid 3299] <... futex resumed>) = 1 [pid 3300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3299] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3300] <... write resumed>) = 61 [pid 3299] <... mmap resumed>) = 0x7f697cdae000 [pid 3300] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3299] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3300] <... futex resumed>) = 0 [pid 3300] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3299] <... mprotect resumed>) = 0 [pid 3299] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3303 attached , parent_tid=[3303], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3303 [pid 3299] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3299] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3303] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3303] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3303] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3303] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3299] <... futex resumed>) = 0 [pid 3299] exit_group(0) = ? [pid 3303] <... futex resumed>) = ? [pid 3300] <... futex resumed>) = ? [pid 3303] +++ exited with 0 +++ [pid 3300] +++ exited with 0 +++ [pid 3299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3299, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./592", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./592/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./592/binderfs") = 0 umount2("./592/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./592/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./592/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./592/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./592") = 0 mkdir("./593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3304 ./strace-static-x86_64: Process 3304 attached [pid 3304] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3304] chdir("./593") = 0 [pid 3304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3304] setpgid(0, 0) = 0 [pid 3304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3304] write(3, "1000", 4) = 4 [pid 3304] close(3) = 0 [pid 3304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3304] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3304] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3304] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3305], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3305 [pid 3304] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3305 attached [pid 3305] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3305] memfd_create("syzkaller", 0) = 3 [pid 3305] ftruncate(3, 2097152) = 0 [pid 3305] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3305] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3305] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3305] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3305] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3305] mkdir("./file0", 0777) = 0 [pid 3305] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3305] ioctl(4, LOOP_CLR_FD) = 0 [pid 3305] close(4) = 0 [pid 3305] close(3) = 0 [pid 3305] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3305] <... futex resumed>) = 1 [pid 3305] chdir("./file0") = 0 [pid 3305] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3305] <... futex resumed>) = 1 [pid 3305] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3305] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3304] <... futex resumed>) = 0 [pid 3304] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3304] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3304] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3304] <... clone resumed>, parent_tid=[3308], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3308 [pid 3304] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3305] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3308 attached [pid 3308] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3305] <... futex resumed>) = 0 [pid 3308] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3305] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3308] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3308] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3304] <... futex resumed>) = 0 [pid 3304] exit_group(0) = ? [pid 3305] <... futex resumed>) = ? [pid 3305] +++ exited with 0 +++ [pid 3308] <... futex resumed>) = ? [pid 3308] +++ exited with 0 +++ [pid 3304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./593", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./593/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./593/binderfs") = 0 umount2("./593/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./593/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./593/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./593/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./593") = 0 mkdir("./594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3309 ./strace-static-x86_64: Process 3309 attached [pid 3309] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3309] chdir("./594") = 0 [pid 3309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3309] setpgid(0, 0) = 0 [pid 3309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3309] write(3, "1000", 4) = 4 [pid 3309] close(3) = 0 [pid 3309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3309] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3309] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3309] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3310], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3310 [pid 3309] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3310 attached [pid 3310] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3310] memfd_create("syzkaller", 0) = 3 [pid 3310] ftruncate(3, 2097152) = 0 [pid 3310] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3310] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3310] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3310] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3310] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3310] mkdir("./file0", 0777) = 0 [pid 3310] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3310] ioctl(4, LOOP_CLR_FD) = 0 [pid 3310] close(4) = 0 [pid 3310] close(3) = 0 [pid 3310] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... futex resumed>) = 0 [pid 3309] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3310] <... futex resumed>) = 1 [pid 3310] chdir("./file0") = 0 [pid 3310] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... futex resumed>) = 0 [pid 3309] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3310] <... futex resumed>) = 1 [pid 3310] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3310] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... futex resumed>) = 0 [pid 3309] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3309] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3309] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3313], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3313 [pid 3309] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3309] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3310] <... futex resumed>) = 1 [pid 3310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3310] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3313 attached [pid 3313] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3313] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3313] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3309] <... futex resumed>) = 0 [pid 3313] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3309] exit_group(0) = ? [pid 3310] <... futex resumed>) = ? [pid 3310] +++ exited with 0 +++ [pid 3313] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 3313] +++ exited with 0 +++ [pid 3309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./594", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./594/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./594/binderfs") = 0 umount2("./594/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./594/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./594/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./594/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./594") = 0 mkdir("./595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3314 ./strace-static-x86_64: Process 3314 attached [pid 3314] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3314] chdir("./595") = 0 [pid 3314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3314] setpgid(0, 0) = 0 [pid 3314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3314] write(3, "1000", 4) = 4 [pid 3314] close(3) = 0 [pid 3314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3314] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3314] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3314] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3315], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3315 [pid 3314] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3315 attached [pid 3315] set_robust_list(0x7f697cdef9e0, 24 [pid 3314] <... futex resumed>) = 0 [pid 3315] <... set_robust_list resumed>) = 0 [pid 3315] memfd_create("syzkaller", 0) = 3 [pid 3315] ftruncate(3, 2097152) = 0 [pid 3315] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3315] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3315] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3315] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3315] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3315] mkdir("./file0", 0777) = 0 [pid 3315] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 3314] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3315] <... mount resumed>) = 0 [pid 3315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3315] ioctl(4, LOOP_CLR_FD) = 0 [pid 3315] close(4) = 0 [pid 3315] close(3) = 0 [pid 3315] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3315] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] <... futex resumed>) = 0 [pid 3314] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... futex resumed>) = 0 [pid 3315] chdir("./file0") = 0 [pid 3315] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3315] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] <... futex resumed>) = 1 [pid 3314] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3314] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3314] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3315] <... futex resumed>) = 0 [pid 3315] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3315] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3315] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] <... futex resumed>) = 0 [pid 3314] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... futex resumed>) = 0 [pid 3315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3315] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3315] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] <... futex resumed>) = 1 [pid 3314] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... futex resumed>) = 0 [pid 3315] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3315] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3315] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] <... futex resumed>) = 1 [pid 3314] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3314] exit_group(0 [pid 3315] <... futex resumed>) = ? [pid 3315] +++ exited with 0 +++ [pid 3314] <... exit_group resumed>) = ? [pid 3314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./595", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./595/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./595/binderfs") = 0 umount2("./595/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./595/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./595/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./595/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./595") = 0 mkdir("./596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3318 ./strace-static-x86_64: Process 3318 attached [pid 3318] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3318] chdir("./596") = 0 [pid 3318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3318] setpgid(0, 0) = 0 [pid 3318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3318] write(3, "1000", 4) = 4 [pid 3318] close(3) = 0 [pid 3318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3318] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3318] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3318] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3319], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3319 [pid 3318] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3319 attached [pid 3319] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3319] memfd_create("syzkaller", 0) = 3 [pid 3319] ftruncate(3, 2097152) = 0 [pid 3319] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3319] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3319] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3319] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3319] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3319] mkdir("./file0", 0777) = 0 [pid 3319] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3319] ioctl(4, LOOP_CLR_FD) = 0 [pid 3319] close(4) = 0 [pid 3319] close(3) = 0 [pid 3319] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] <... futex resumed>) = 0 [pid 3318] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3319] chdir("./file0") = 0 [pid 3319] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] <... futex resumed>) = 0 [pid 3318] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3319] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3319] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3318] <... futex resumed>) = 0 [pid 3318] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3318] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3318] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3322], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3322 [pid 3318] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3318] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3319] <... write resumed>) = 61 [pid 3319] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3319] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3322 attached [pid 3322] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3322] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3322] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3318] <... futex resumed>) = 0 [pid 3318] exit_group(0 [pid 3319] <... futex resumed>) = ? [pid 3318] <... exit_group resumed>) = ? [pid 3319] +++ exited with 0 +++ [pid 3322] <... futex resumed>) = ? [pid 3322] +++ exited with 0 +++ [pid 3318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3318, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./596", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./596/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./596/binderfs") = 0 umount2("./596/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./596/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./596/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./596/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./596") = 0 mkdir("./597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3323 ./strace-static-x86_64: Process 3323 attached [pid 3323] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3323] chdir("./597") = 0 [pid 3323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3323] setpgid(0, 0) = 0 [pid 3323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3323] write(3, "1000", 4) = 4 [pid 3323] close(3) = 0 [pid 3323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3323] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3323] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3323] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3324], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3324 [pid 3323] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3323] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3324 attached [pid 3324] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3324] memfd_create("syzkaller", 0) = 3 [pid 3324] ftruncate(3, 2097152) = 0 [pid 3324] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3324] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3324] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3324] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3324] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3324] mkdir("./file0", 0777) = 0 [pid 3324] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3324] ioctl(4, LOOP_CLR_FD) = 0 [pid 3324] close(4) = 0 [pid 3324] close(3) = 0 [pid 3324] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3323] <... futex resumed>) = 0 [pid 3323] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3323] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3324] chdir("./file0") = 0 [pid 3324] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3323] <... futex resumed>) = 0 [pid 3323] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3323] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3324] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3324] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3323] <... futex resumed>) = 0 [pid 3324] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3323] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3323] <... futex resumed>) = 0 [pid 3324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3323] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3324] <... write resumed>) = 61 [pid 3323] <... futex resumed>) = 0 [pid 3324] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3324] <... futex resumed>) = 0 [pid 3323] <... mmap resumed>) = 0x7f697cdae000 [pid 3324] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3323] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3323] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3327], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3327 [pid 3323] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3323] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3327 attached [pid 3327] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3327] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3327] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3323] <... futex resumed>) = 0 [pid 3323] exit_group(0) = ? [pid 3327] <... futex resumed>) = ? [pid 3324] <... futex resumed>) = 231 [pid 3324] +++ exited with 0 +++ [pid 3327] +++ exited with 0 +++ [pid 3323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./597", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./597/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./597/binderfs") = 0 umount2("./597/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./597/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./597/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./597/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./597") = 0 mkdir("./598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3328 ./strace-static-x86_64: Process 3328 attached [pid 3328] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3328] chdir("./598") = 0 [pid 3328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3328] setpgid(0, 0) = 0 [pid 3328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3328] write(3, "1000", 4) = 4 [pid 3328] close(3) = 0 [pid 3328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3328] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3328] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3328] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3329], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3329 [pid 3328] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3329 attached ) = 0 [pid 3329] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3329] memfd_create("syzkaller", 0 [pid 3328] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3329] <... memfd_create resumed>) = 3 [pid 3329] ftruncate(3, 2097152) = 0 [pid 3329] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3329] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3329] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3329] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3329] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3329] mkdir("./file0", 0777) = 0 [pid 3329] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3329] ioctl(4, LOOP_CLR_FD) = 0 [pid 3329] close(4) = 0 [pid 3329] close(3) = 0 [pid 3329] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3329] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3328] <... futex resumed>) = 0 [pid 3328] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3329] <... futex resumed>) = 0 [pid 3329] chdir("./file0") = 0 [pid 3329] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3329] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3328] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3328] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3329] <... futex resumed>) = 0 [pid 3328] <... futex resumed>) = 1 [pid 3329] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3328] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3329] <... openat resumed>) = 3 [pid 3329] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3328] <... futex resumed>) = 0 [pid 3329] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3328] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3329] <... futex resumed>) = 0 [pid 3329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3328] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3329] <... write resumed>) = 61 [pid 3329] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3328] <... mmap resumed>) = 0x7f697cdae000 [pid 3329] <... futex resumed>) = 0 [pid 3328] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3329] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3328] <... mprotect resumed>) = 0 [pid 3328] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3332], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3332 [pid 3328] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3328] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3332 attached [pid 3332] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3332] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3332] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3328] <... futex resumed>) = 0 [pid 3328] exit_group(0) = ? [pid 3329] <... futex resumed>) = ? [pid 3329] +++ exited with 0 +++ [pid 3332] <... futex resumed>) = ? [pid 3332] +++ exited with 0 +++ [pid 3328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3328, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./598", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./598/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./598/binderfs") = 0 umount2("./598/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./598/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./598/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./598/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./598") = 0 mkdir("./599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3333 attached , child_tidptr=0x555555cf25d0) = 3333 [pid 3333] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3333] chdir("./599") = 0 [pid 3333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3333] setpgid(0, 0) = 0 [pid 3333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3333] write(3, "1000", 4) = 4 [pid 3333] close(3) = 0 [pid 3333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3333] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3333] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3333] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3334], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3334 [pid 3333] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3334 attached [pid 3334] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3334] memfd_create("syzkaller", 0) = 3 [pid 3334] ftruncate(3, 2097152) = 0 [pid 3334] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3334] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3334] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3334] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3334] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3334] mkdir("./file0", 0777) = 0 [pid 3334] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3334] ioctl(4, LOOP_CLR_FD) = 0 [pid 3334] close(4) = 0 [pid 3334] close(3) = 0 [pid 3334] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3333] <... futex resumed>) = 0 [pid 3333] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3334] <... futex resumed>) = 1 [pid 3334] chdir("./file0") = 0 [pid 3334] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3333] <... futex resumed>) = 0 [pid 3333] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3334] <... futex resumed>) = 1 [pid 3334] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3334] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3333] <... futex resumed>) = 0 [pid 3333] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3333] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3333] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3337], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3337 [pid 3333] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3333] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3334] <... futex resumed>) = 1 [pid 3334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3334] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3334] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3337 attached [pid 3337] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3337] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3337] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3333] <... futex resumed>) = 0 [pid 3333] exit_group(0 [pid 3334] <... futex resumed>) = ? [pid 3333] <... exit_group resumed>) = ? [pid 3334] +++ exited with 0 +++ [pid 3337] <... futex resumed>) = ? [pid 3337] +++ exited with 0 +++ [pid 3333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./599", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./599/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./599/binderfs") = 0 umount2("./599/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./599/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./599/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./599/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./599") = 0 mkdir("./600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3338 ./strace-static-x86_64: Process 3338 attached [pid 3338] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3338] chdir("./600") = 0 [pid 3338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3338] setpgid(0, 0) = 0 [pid 3338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3338] write(3, "1000", 4) = 4 [pid 3338] close(3) = 0 [pid 3338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3338] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3338] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3338] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3339], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3339 [pid 3338] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3339 attached [pid 3339] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3339] memfd_create("syzkaller", 0) = 3 [pid 3339] ftruncate(3, 2097152) = 0 [pid 3339] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3339] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3339] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3339] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3339] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3339] mkdir("./file0", 0777) = 0 [pid 3339] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3339] ioctl(4, LOOP_CLR_FD) = 0 [pid 3339] close(4) = 0 [pid 3339] close(3) = 0 [pid 3339] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3339] <... futex resumed>) = 1 [pid 3339] chdir("./file0") = 0 [pid 3339] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... futex resumed>) = 0 [pid 3338] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3339] <... futex resumed>) = 1 [pid 3339] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3339] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3338] <... futex resumed>) = 0 [pid 3339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3338] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3339] <... write resumed>) = 61 [pid 3338] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3339] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3338] <... mmap resumed>) = 0x7f697cdae000 [pid 3338] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3338] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3342], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3342 [pid 3338] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3342 attached [pid 3338] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3342] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3342] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3342] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3338] <... futex resumed>) = 0 [pid 3338] exit_group(0 [pid 3339] <... futex resumed>) = ? [pid 3338] <... exit_group resumed>) = ? [pid 3339] +++ exited with 0 +++ [pid 3342] +++ exited with 0 +++ [pid 3338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3338, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./600", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./600/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./600/binderfs") = 0 umount2("./600/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./600/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./600/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./600/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./600") = 0 mkdir("./601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3343 ./strace-static-x86_64: Process 3343 attached [pid 3343] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3343] chdir("./601") = 0 [pid 3343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3343] setpgid(0, 0) = 0 [pid 3343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3343] write(3, "1000", 4) = 4 [pid 3343] close(3) = 0 [pid 3343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3343] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3343] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3343] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3344], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3344 [pid 3343] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3344 attached [pid 3344] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3344] memfd_create("syzkaller", 0) = 3 [pid 3344] ftruncate(3, 2097152) = 0 [pid 3344] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3344] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3344] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3344] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3344] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3344] mkdir("./file0", 0777) = 0 [pid 3344] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3344] ioctl(4, LOOP_CLR_FD) = 0 [pid 3344] close(4) = 0 [pid 3344] close(3) = 0 [pid 3344] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] <... futex resumed>) = 0 [pid 3343] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3344] <... futex resumed>) = 1 [pid 3344] chdir("./file0") = 0 [pid 3344] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] <... futex resumed>) = 0 [pid 3343] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3344] <... futex resumed>) = 1 [pid 3344] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3344] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] <... futex resumed>) = 0 [pid 3343] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3343] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3343] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3347], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3347 [pid 3343] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3343] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3344] <... futex resumed>) = 1 [pid 3344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3344] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3344] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3347 attached [pid 3347] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3347] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3347] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3343] <... futex resumed>) = 0 [pid 3347] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3343] exit_group(0) = ? [pid 3344] <... futex resumed>) = ? [pid 3344] +++ exited with 0 +++ [pid 3347] <... futex resumed>) = ? [pid 3347] +++ exited with 0 +++ [pid 3343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./601", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./601/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./601/binderfs") = 0 umount2("./601/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./601/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./601/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./601/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./601") = 0 mkdir("./602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3348 ./strace-static-x86_64: Process 3348 attached [pid 3348] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3348] chdir("./602") = 0 [pid 3348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3348] setpgid(0, 0) = 0 [pid 3348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3348] write(3, "1000", 4) = 4 [pid 3348] close(3) = 0 [pid 3348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3348] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3348] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3348] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3349 attached , parent_tid=[3349], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3349 [pid 3348] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3348] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3349] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3349] memfd_create("syzkaller", 0) = 3 [pid 3349] ftruncate(3, 2097152) = 0 [pid 3349] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3349] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3349] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3349] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3349] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3349] mkdir("./file0", 0777) = 0 [pid 3349] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3349] ioctl(4, LOOP_CLR_FD) = 0 [pid 3349] close(4) = 0 [pid 3349] close(3) = 0 [pid 3349] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3348] <... futex resumed>) = 0 [pid 3349] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3348] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3348] <... futex resumed>) = 0 [pid 3349] chdir("./file0" [pid 3348] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3349] <... chdir resumed>) = 0 [pid 3349] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3348] <... futex resumed>) = 0 [pid 3348] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3348] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3349] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3349] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3348] <... futex resumed>) = 0 [pid 3349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3348] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3349] <... write resumed>) = 61 [pid 3348] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3349] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3348] <... futex resumed>) = 0 [pid 3349] <... futex resumed>) = 0 [pid 3348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3349] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3348] <... mmap resumed>) = 0x7f697cdae000 [pid 3348] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3348] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3352 attached [pid 3352] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3352] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3348] <... clone resumed>, parent_tid=[3352], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3352 [pid 3348] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3352] <... futex resumed>) = 0 [pid 3348] <... futex resumed>) = 1 [pid 3352] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3348] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3352] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3352] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3348] <... futex resumed>) = 0 [pid 3348] exit_group(0) = ? [pid 3349] <... futex resumed>) = ? [pid 3349] +++ exited with 0 +++ [pid 3352] <... futex resumed>) = ? [pid 3352] +++ exited with 0 +++ [pid 3348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3348, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./602", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./602/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./602/binderfs") = 0 umount2("./602/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./602/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./602/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./602/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./602") = 0 mkdir("./603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3353 ./strace-static-x86_64: Process 3353 attached [pid 3353] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3353] chdir("./603") = 0 [pid 3353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3353] setpgid(0, 0) = 0 [pid 3353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3353] write(3, "1000", 4) = 4 [pid 3353] close(3) = 0 [pid 3353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3353] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3353] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3353] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3354], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3354 [pid 3353] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3353] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3354 attached [pid 3354] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3354] memfd_create("syzkaller", 0) = 3 [pid 3354] ftruncate(3, 2097152) = 0 [pid 3354] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3354] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3354] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3354] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3354] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3354] mkdir("./file0", 0777) = 0 [pid 3354] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3354] ioctl(4, LOOP_CLR_FD) = 0 [pid 3354] close(4) = 0 [pid 3354] close(3) = 0 [pid 3354] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3353] <... futex resumed>) = 0 [pid 3354] chdir("./file0" [pid 3353] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3354] <... chdir resumed>) = 0 [pid 3353] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3353] <... futex resumed>) = 0 [pid 3354] <... futex resumed>) = 1 [pid 3354] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3353] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3353] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] <... openat resumed>) = 3 [pid 3354] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3353] <... futex resumed>) = 0 [pid 3354] <... futex resumed>) = 1 [pid 3353] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3353] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3353] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3353] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3357], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3357 [pid 3353] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3353] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3354] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3354] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3357 attached [pid 3357] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3357] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3357] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3353] <... futex resumed>) = 0 [pid 3357] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3353] exit_group(0) = ? [pid 3354] <... futex resumed>) = ? [pid 3354] +++ exited with 0 +++ [pid 3357] <... futex resumed>) = ? [pid 3357] +++ exited with 0 +++ [pid 3353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3353, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./603", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./603/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./603/binderfs") = 0 umount2("./603/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./603/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./603/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./603/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./603") = 0 mkdir("./604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3358 ./strace-static-x86_64: Process 3358 attached [pid 3358] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3358] chdir("./604") = 0 [pid 3358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3358] setpgid(0, 0) = 0 [pid 3358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3358] write(3, "1000", 4) = 4 [pid 3358] close(3) = 0 [pid 3358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3358] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3358] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3358] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3359], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3359 ./strace-static-x86_64: Process 3359 attached [pid 3358] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3359] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3359] memfd_create("syzkaller", 0) = 3 [pid 3359] ftruncate(3, 2097152) = 0 [pid 3359] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3359] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3359] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3359] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3359] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3359] mkdir("./file0", 0777) = 0 [pid 3359] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3359] ioctl(4, LOOP_CLR_FD) = 0 [pid 3359] close(4) = 0 [pid 3359] close(3) = 0 [pid 3359] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3359] <... futex resumed>) = 1 [pid 3359] chdir("./file0") = 0 [pid 3359] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3359] <... futex resumed>) = 1 [pid 3359] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3359] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3358] <... futex resumed>) = 0 [pid 3358] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3358] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3358] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3362], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3362 [pid 3358] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3362 attached [pid 3359] <... futex resumed>) = 1 [pid 3358] <... futex resumed>) = 0 [pid 3362] set_robust_list(0x7f697cdce9e0, 24 [pid 3359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3362] <... set_robust_list resumed>) = 0 [pid 3362] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3359] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3358] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3359] <... futex resumed>) = 0 [pid 3359] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3362] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3362] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3358] exit_group(0) = ? [pid 3359] <... futex resumed>) = ? [pid 3362] <... futex resumed>) = ? [pid 3362] +++ exited with 0 +++ [pid 3359] +++ exited with 0 +++ [pid 3358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3358, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./604", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./604/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./604/binderfs") = 0 umount2("./604/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./604/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./604/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./604/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./604") = 0 mkdir("./605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3363 ./strace-static-x86_64: Process 3363 attached [pid 3363] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3363] chdir("./605") = 0 [pid 3363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3363] setpgid(0, 0) = 0 [pid 3363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3363] write(3, "1000", 4) = 4 [pid 3363] close(3) = 0 [pid 3363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3363] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3363] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3363] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3364], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3364 [pid 3363] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3364 attached [pid 3364] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3364] memfd_create("syzkaller", 0) = 3 [pid 3364] ftruncate(3, 2097152) = 0 [pid 3364] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3364] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3364] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3364] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3364] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3364] mkdir("./file0", 0777) = 0 [ 62.336213][ T3359] EXT4-fs mount: 362 callbacks suppressed [ 62.336222][ T3359] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3364] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3364] ioctl(4, LOOP_CLR_FD) = 0 [pid 3364] close(4) = 0 [pid 3364] close(3) = 0 [pid 3364] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3363] <... futex resumed>) = 0 [pid 3363] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3364] <... futex resumed>) = 1 [pid 3364] chdir("./file0") = 0 [pid 3364] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3363] <... futex resumed>) = 0 [pid 3363] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3364] <... futex resumed>) = 1 [pid 3364] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3364] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3363] <... futex resumed>) = 0 [pid 3363] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3363] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3363] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3367], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3367 [pid 3363] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3363] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3364] <... futex resumed>) = 1 [pid 3364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3364] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3364] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3367 attached [pid 3367] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3367] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3367] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3363] <... futex resumed>) = 0 [pid 3363] exit_group(0) = ? [pid 3364] <... futex resumed>) = ? [pid 3364] +++ exited with 0 +++ [pid 3367] <... futex resumed>) = ? [pid 3367] +++ exited with 0 +++ [pid 3363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3363, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./605", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./605/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./605/binderfs") = 0 umount2("./605/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./605/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./605/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./605/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./605") = 0 mkdir("./606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3368 ./strace-static-x86_64: Process 3368 attached [pid 3368] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3368] chdir("./606") = 0 [pid 3368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3368] setpgid(0, 0) = 0 [pid 3368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3368] write(3, "1000", 4) = 4 [pid 3368] close(3) = 0 [pid 3368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3368] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3368] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3368] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3369], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3369 [pid 3368] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3369 attached [pid 3369] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3369] memfd_create("syzkaller", 0) = 3 [pid 3369] ftruncate(3, 2097152) = 0 [pid 3369] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3369] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3369] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3369] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3369] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3369] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3369] ioctl(4, LOOP_CLR_FD) = 0 [pid 3369] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [ 62.391566][ T3364] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3369] close(4) = 0 [pid 3369] close(3) = 0 [pid 3369] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3368] <... futex resumed>) = 0 [pid 3368] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 3369] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3368] <... futex resumed>) = 0 [pid 3368] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3369] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3368] <... futex resumed>) = 0 [pid 3368] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3368] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3368] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3368] <... clone resumed>, parent_tid=[3370], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3370 [pid 3368] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3368] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] <... write resumed>) = 61 [pid 3369] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3369] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3370 attached [pid 3370] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3370] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3370] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] <... futex resumed>) = 0 [pid 3368] exit_group(0) = ? [pid 3370] <... futex resumed>) = ? [pid 3370] +++ exited with 0 +++ [pid 3369] <... futex resumed>) = ? [pid 3369] +++ exited with 0 +++ [pid 3368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./606", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./606/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./606/binderfs") = 0 umount2("./606/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./606/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./606") = 0 mkdir("./607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3371 attached [pid 3371] set_robust_list(0x555555cf25e0, 24 [pid 371] <... clone resumed>, child_tidptr=0x555555cf25d0) = 3371 [pid 3371] <... set_robust_list resumed>) = 0 [pid 3371] chdir("./607") = 0 [pid 3371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3371] setpgid(0, 0) = 0 [pid 3371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3371] write(3, "1000", 4) = 4 [pid 3371] close(3) = 0 [pid 3371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3371] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3371] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3371] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3372], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3372 [pid 3371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3371] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3372 attached [pid 3372] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3372] memfd_create("syzkaller", 0) = 3 [pid 3372] ftruncate(3, 2097152) = 0 [pid 3372] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3372] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3372] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3372] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3372] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3372] mkdir("./file0", 0777) = 0 [pid 3372] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3372] ioctl(4, LOOP_CLR_FD) = 0 [pid 3372] close(4) = 0 [pid 3372] close(3) = 0 [pid 3372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3372] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] <... futex resumed>) = 0 [pid 3371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3371] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3372] <... futex resumed>) = 0 [pid 3372] chdir("./file0") = 0 [pid 3372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] <... futex resumed>) = 0 [pid 3371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3371] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3372] <... futex resumed>) = 1 [pid 3372] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3371] <... futex resumed>) = 0 [pid 3372] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3371] <... futex resumed>) = 0 [pid 3372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3371] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3372] <... write resumed>) = 61 [pid 3371] <... futex resumed>) = 0 [pid 3372] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3372] <... futex resumed>) = 0 [pid 3371] <... mmap resumed>) = 0x7f697cdae000 [pid 3372] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3371] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3375 attached [pid 3375] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3375] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] <... clone resumed>, parent_tid=[3375], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3375 [pid 3371] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3371] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3375] <... futex resumed>) = 0 [pid 3375] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3375] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] <... futex resumed>) = 0 [pid 3371] exit_group(0 [pid 3372] <... futex resumed>) = ? [pid 3371] <... exit_group resumed>) = ? [pid 3372] +++ exited with 0 +++ [pid 3375] <... futex resumed>) = ? [pid 3375] +++ exited with 0 +++ [pid 3371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3371, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./607", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./607/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./607/binderfs") = 0 [ 62.485415][ T3372] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./607/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./607/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./607/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./607/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./607") = 0 mkdir("./608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3376 ./strace-static-x86_64: Process 3376 attached [pid 3376] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3376] chdir("./608") = 0 [pid 3376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3376] setpgid(0, 0) = 0 [pid 3376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3376] write(3, "1000", 4) = 4 [pid 3376] close(3) = 0 [pid 3376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3376] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3376] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3376] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3377], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3377 [pid 3376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3377 attached [pid 3377] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3377] memfd_create("syzkaller", 0) = 3 [pid 3377] ftruncate(3, 2097152) = 0 [pid 3377] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3377] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3377] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3377] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3377] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3377] mkdir("./file0", 0777) = 0 [pid 3377] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3377] ioctl(4, LOOP_CLR_FD) = 0 [pid 3377] close(4) = 0 [pid 3377] close(3) = 0 [pid 3377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3376] <... futex resumed>) = 0 [pid 3376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] <... futex resumed>) = 1 [pid 3377] chdir("./file0") = 0 [pid 3377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3376] <... futex resumed>) = 0 [pid 3376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] <... futex resumed>) = 1 [pid 3377] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3376] <... futex resumed>) = 0 [pid 3376] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3376] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3376] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3380], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3380 [pid 3376] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3376] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] <... futex resumed>) = 1 [pid 3377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3377] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3377] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3380 attached [pid 3380] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3380] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3380] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3376] <... futex resumed>) = 0 [pid 3376] exit_group(0) = ? [pid 3377] <... futex resumed>) = ? [pid 3377] +++ exited with 0 +++ [pid 3380] <... futex resumed>) = ? [pid 3380] +++ exited with 0 +++ [pid 3376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./608", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./608/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./608/binderfs") = 0 umount2("./608/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./608/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./608/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./608/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./608") = 0 mkdir("./609", 0777) = 0 [ 62.610843][ T3377] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3381 ./strace-static-x86_64: Process 3381 attached [pid 3381] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3381] chdir("./609") = 0 [pid 3381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3381] setpgid(0, 0) = 0 [pid 3381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3381] write(3, "1000", 4) = 4 [pid 3381] close(3) = 0 [pid 3381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3381] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3381] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3381] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3382], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3382 [pid 3381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3382 attached [pid 3382] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3382] memfd_create("syzkaller", 0) = 3 [pid 3382] ftruncate(3, 2097152) = 0 [pid 3382] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3382] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3382] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3382] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3382] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3382] mkdir("./file0", 0777) = 0 [pid 3382] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3382] ioctl(4, LOOP_CLR_FD) = 0 [pid 3382] close(4) = 0 [pid 3382] close(3) = 0 [pid 3382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3381] <... futex resumed>) = 0 [pid 3381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3382] <... futex resumed>) = 1 [pid 3382] chdir("./file0") = 0 [pid 3382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3381] <... futex resumed>) = 0 [pid 3381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3382] <... futex resumed>) = 1 [pid 3382] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3381] <... futex resumed>) = 0 [pid 3381] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3381] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3381] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3385], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3385 [pid 3381] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3381] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3382] <... futex resumed>) = 1 [pid 3382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3382] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3382] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3385 attached [pid 3385] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3385] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3385] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3381] <... futex resumed>) = 0 [pid 3381] exit_group(0) = ? [pid 3382] <... futex resumed>) = ? [pid 3382] +++ exited with 0 +++ [pid 3385] <... futex resumed>) = ? [pid 3385] +++ exited with 0 +++ [pid 3381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3381, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./609", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./609/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./609/binderfs") = 0 umount2("./609/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./609/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./609/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./609/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./609") = 0 mkdir("./610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3386 ./strace-static-x86_64: Process 3386 attached [pid 3386] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3386] chdir("./610") = 0 [ 62.689438][ T3382] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3386] setpgid(0, 0) = 0 [pid 3386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3386] write(3, "1000", 4) = 4 [pid 3386] close(3) = 0 [pid 3386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3386] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3386] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3386] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3387 attached , parent_tid=[3387], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3387 [pid 3387] set_robust_list(0x7f697cdef9e0, 24 [pid 3386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3387] <... set_robust_list resumed>) = 0 [pid 3386] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3387] memfd_create("syzkaller", 0) = 3 [pid 3387] ftruncate(3, 2097152) = 0 [pid 3387] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3387] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3387] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3387] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3387] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3387] mkdir("./file0", 0777) = 0 [pid 3387] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3387] ioctl(4, LOOP_CLR_FD) = 0 [pid 3387] close(4) = 0 [pid 3387] close(3) = 0 [pid 3387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3386] <... futex resumed>) = 0 [pid 3386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3386] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3387] <... futex resumed>) = 1 [pid 3387] chdir("./file0") = 0 [pid 3387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3386] <... futex resumed>) = 0 [pid 3386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3386] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3387] <... futex resumed>) = 1 [pid 3387] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3386] <... futex resumed>) = 0 [pid 3386] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3386] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3386] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3386] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3390 attached , parent_tid=[3390], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3390 [pid 3386] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3386] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3390] set_robust_list(0x7f697cdce9e0, 24 [pid 3387] <... futex resumed>) = 1 [pid 3387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3390] <... set_robust_list resumed>) = 0 [pid 3387] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3387] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3390] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3390] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3386] <... futex resumed>) = 0 [pid 3386] exit_group(0) = ? [pid 3387] <... futex resumed>) = ? [pid 3387] +++ exited with 0 +++ [pid 3390] <... futex resumed>) = ? [pid 3390] +++ exited with 0 +++ [pid 3386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3386, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./610", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./610/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./610/binderfs") = 0 [ 62.760851][ T3387] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./610/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./610/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./610/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./610/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./610") = 0 mkdir("./611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3391 ./strace-static-x86_64: Process 3391 attached [pid 3391] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3391] chdir("./611") = 0 [pid 3391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3391] setpgid(0, 0) = 0 [pid 3391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3391] write(3, "1000", 4) = 4 [pid 3391] close(3) = 0 [pid 3391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3391] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3391] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3391] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3392], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3392 [pid 3391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3392 attached [pid 3392] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3392] memfd_create("syzkaller", 0) = 3 [pid 3392] ftruncate(3, 2097152) = 0 [pid 3392] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3392] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3392] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3392] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3392] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3392] mkdir("./file0", 0777) = 0 [pid 3392] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3392] ioctl(4, LOOP_CLR_FD) = 0 [pid 3392] close(4) = 0 [pid 3392] close(3) = 0 [pid 3392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3392] <... futex resumed>) = 1 [pid 3392] chdir("./file0") = 0 [pid 3392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3392] <... futex resumed>) = 1 [pid 3392] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3391] <... futex resumed>) = 0 [pid 3391] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3391] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3391] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3395], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3395 [pid 3391] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3391] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3392] <... futex resumed>) = 1 [pid 3392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3392] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3392] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3395 attached [pid 3395] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3395] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3395] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3391] <... futex resumed>) = 0 [pid 3391] exit_group(0) = ? [pid 3392] <... futex resumed>) = ? [pid 3392] +++ exited with 0 +++ [pid 3395] <... futex resumed>) = ? [pid 3395] +++ exited with 0 +++ [pid 3391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3391, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./611", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./611/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./611/binderfs") = 0 umount2("./611/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./611/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./611/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./611/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./611") = 0 mkdir("./612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3396 ./strace-static-x86_64: Process 3396 attached [pid 3396] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3396] chdir("./612") = 0 [pid 3396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3396] setpgid(0, 0) = 0 [pid 3396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3396] write(3, "1000", 4) = 4 [pid 3396] close(3) = 0 [pid 3396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3396] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3396] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3396] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3397], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3397 [pid 3396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3397 attached [pid 3397] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3397] memfd_create("syzkaller", 0) = 3 [pid 3397] ftruncate(3, 2097152) = 0 [pid 3397] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3397] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3397] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3397] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3397] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3397] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3397] ioctl(4, LOOP_CLR_FD) = 0 [pid 3397] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3397] close(4) = 0 [pid 3397] close(3) = 0 [pid 3397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3396] <... futex resumed>) = 0 [pid 3396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... futex resumed>) = 1 [pid 3397] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 3397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3396] <... futex resumed>) = 0 [pid 3396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... futex resumed>) = 1 [pid 3397] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3396] <... futex resumed>) = 0 [pid 3396] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3396] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3396] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3398], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3398 [pid 3396] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3396] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... futex resumed>) = 1 [pid 3397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3397] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3397] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3398 attached [pid 3398] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3398] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3398] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3396] <... futex resumed>) = 0 [pid 3396] exit_group(0 [pid 3397] <... futex resumed>) = ? [pid 3396] <... exit_group resumed>) = ? [pid 3397] +++ exited with 0 +++ [pid 3398] <... futex resumed>) = ? [pid 3398] +++ exited with 0 +++ [pid 3396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3396, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./612", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./612/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./612/binderfs") = 0 umount2("./612/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./612/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./612") = 0 mkdir("./613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3399 ./strace-static-x86_64: Process 3399 attached [pid 3399] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3399] chdir("./613") = 0 [pid 3399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3399] setpgid(0, 0) = 0 [pid 3399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3399] write(3, "1000", 4) = 4 [pid 3399] close(3) = 0 [pid 3399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3399] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3399] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3399] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3400], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3400 [pid 3399] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3400 attached [pid 3400] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3400] memfd_create("syzkaller", 0) = 3 [pid 3400] ftruncate(3, 2097152) = 0 [pid 3400] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3400] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3400] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3400] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3400] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3400] mkdir("./file0", 0777) = 0 [ 62.890825][ T3392] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3400] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3400] ioctl(4, LOOP_CLR_FD) = 0 [pid 3400] close(4) = 0 [pid 3400] close(3) = 0 [pid 3400] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3399] <... futex resumed>) = 0 [pid 3399] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3400] <... futex resumed>) = 1 [pid 3400] chdir("./file0") = 0 [pid 3400] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3399] <... futex resumed>) = 0 [pid 3399] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3400] <... futex resumed>) = 1 [pid 3400] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3400] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3399] <... futex resumed>) = 0 [pid 3399] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3399] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3399] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3403], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3403 [pid 3399] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3400] <... futex resumed>) = 1 [pid 3400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3400] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3400] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3403 attached [pid 3403] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3403] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3403] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3399] <... futex resumed>) = 0 [pid 3399] exit_group(0) = ? [pid 3400] <... futex resumed>) = ? [pid 3400] +++ exited with 0 +++ [pid 3403] <... futex resumed>) = ? [pid 3403] +++ exited with 0 +++ [pid 3399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3399, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./613", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./613/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./613/binderfs") = 0 [ 62.938457][ T3400] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./613/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./613/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./613/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./613/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./613") = 0 mkdir("./614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3404 ./strace-static-x86_64: Process 3404 attached [pid 3404] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3404] chdir("./614") = 0 [pid 3404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3404] setpgid(0, 0) = 0 [pid 3404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3404] write(3, "1000", 4) = 4 [pid 3404] close(3) = 0 [pid 3404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3404] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3404] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3404] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3405], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3405 [pid 3404] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3405 attached [pid 3405] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3405] memfd_create("syzkaller", 0) = 3 [pid 3405] ftruncate(3, 2097152) = 0 [pid 3405] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3405] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3405] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3405] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3405] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3405] mkdir("./file0", 0777) = 0 [pid 3405] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3405] ioctl(4, LOOP_CLR_FD) = 0 [pid 3405] close(4) = 0 [pid 3405] close(3) = 0 [pid 3405] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3405] <... futex resumed>) = 1 [pid 3405] chdir("./file0") = 0 [pid 3405] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3405] <... futex resumed>) = 1 [pid 3405] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3405] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3404] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3404] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3408], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3408 [pid 3404] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3408 attached [pid 3405] <... futex resumed>) = 1 [pid 3404] <... futex resumed>) = 0 [pid 3404] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3408] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3408] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3408] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3408] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3405] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3404] <... futex resumed>) = 0 [pid 3408] <... futex resumed>) = 1 [pid 3408] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3405] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3405] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3404] exit_group(0) = ? [pid 3408] <... futex resumed>) = ? [pid 3408] +++ exited with 0 +++ [pid 3405] <... futex resumed>) = ? [pid 3405] +++ exited with 0 +++ [pid 3404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3404, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./614", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./614/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./614/binderfs") = 0 [ 63.051240][ T3405] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./614/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./614/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./614/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./614/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./614") = 0 mkdir("./615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3409 ./strace-static-x86_64: Process 3409 attached [pid 3409] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3409] chdir("./615") = 0 [pid 3409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3409] setpgid(0, 0) = 0 [pid 3409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3409] write(3, "1000", 4) = 4 [pid 3409] close(3) = 0 [pid 3409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3409] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3409] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3409] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3410], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3410 [pid 3409] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3410 attached [pid 3410] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3410] memfd_create("syzkaller", 0) = 3 [pid 3410] ftruncate(3, 2097152) = 0 [pid 3410] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3410] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3410] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3410] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3410] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3410] mkdir("./file0", 0777) = 0 [pid 3410] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3410] ioctl(4, LOOP_CLR_FD) = 0 [pid 3410] close(4) = 0 [pid 3410] close(3) = 0 [pid 3410] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 3409] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3410] <... futex resumed>) = 1 [pid 3410] chdir("./file0") = 0 [pid 3410] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 3409] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3410] <... futex resumed>) = 1 [pid 3410] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3410] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 3409] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3409] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3409] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3413], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3413 [pid 3409] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3409] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3410] <... futex resumed>) = 1 [pid 3410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3410] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3410] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3413 attached [pid 3413] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3413] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3413] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 3409] exit_group(0) = ? [pid 3410] <... futex resumed>) = ? [pid 3410] +++ exited with 0 +++ [pid 3413] <... futex resumed>) = ? [pid 3413] +++ exited with 0 +++ [pid 3409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3409, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./615", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./615/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./615/binderfs") = 0 [ 63.171446][ T3410] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./615/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./615/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./615/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./615/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./615") = 0 mkdir("./616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3414 ./strace-static-x86_64: Process 3414 attached [pid 3414] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3414] chdir("./616") = 0 [pid 3414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3414] setpgid(0, 0) = 0 [pid 3414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3414] write(3, "1000", 4) = 4 [pid 3414] close(3) = 0 [pid 3414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3414] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3414] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3414] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3415], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3415 [pid 3414] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3415 attached [pid 3415] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3415] memfd_create("syzkaller", 0) = 3 [pid 3415] ftruncate(3, 2097152) = 0 [pid 3415] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3415] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3415] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3415] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3415] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3415] mkdir("./file0", 0777) = 0 [pid 3415] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3415] ioctl(4, LOOP_CLR_FD) = 0 [pid 3415] close(4) = 0 [pid 3415] close(3) = 0 [pid 3415] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3414] <... futex resumed>) = 0 [pid 3414] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3415] <... futex resumed>) = 1 [pid 3415] chdir("./file0") = 0 [pid 3415] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3414] <... futex resumed>) = 0 [pid 3414] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3415] <... futex resumed>) = 1 [pid 3415] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3415] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3414] <... futex resumed>) = 0 [pid 3414] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3414] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3414] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3418], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3418 [pid 3414] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3414] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3415] <... futex resumed>) = 1 [pid 3415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3415] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3415] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3418 attached [pid 3418] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3418] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3418] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3414] <... futex resumed>) = 0 [pid 3414] exit_group(0) = ? [pid 3415] <... futex resumed>) = ? [pid 3415] +++ exited with 0 +++ [pid 3418] <... futex resumed>) = ? [pid 3418] +++ exited with 0 +++ [pid 3414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3414, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./616", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./616/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./616/binderfs") = 0 [ 63.252566][ T3415] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./616/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./616/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./616/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./616/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./616") = 0 mkdir("./617", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3419 ./strace-static-x86_64: Process 3419 attached [pid 3419] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3419] chdir("./617") = 0 [pid 3419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3419] setpgid(0, 0) = 0 [pid 3419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3419] write(3, "1000", 4) = 4 [pid 3419] close(3) = 0 [pid 3419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3419] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3419] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3419] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3420], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3420 [pid 3419] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3420 attached [pid 3420] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3420] memfd_create("syzkaller", 0) = 3 [pid 3420] ftruncate(3, 2097152) = 0 [pid 3420] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3420] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3420] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3420] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3420] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3420] mkdir("./file0", 0777) = 0 [pid 3420] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3420] ioctl(4, LOOP_CLR_FD) = 0 [pid 3420] close(4) = 0 [pid 3420] close(3) = 0 [pid 3420] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3420] <... futex resumed>) = 1 [pid 3420] chdir("./file0") = 0 [pid 3420] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3420] <... futex resumed>) = 1 [pid 3420] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3420] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3419] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3419] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3423], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3423 [pid 3419] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3419] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3420] <... futex resumed>) = 1 [pid 3420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3420] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3420] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3423 attached [pid 3423] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3423] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3423] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3419] <... futex resumed>) = 0 [pid 3419] exit_group(0) = ? [pid 3423] <... futex resumed>) = ? [pid 3423] +++ exited with 0 +++ [pid 3420] <... futex resumed>) = ? [pid 3420] +++ exited with 0 +++ [pid 3419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3419, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./617", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./617/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./617/binderfs") = 0 [ 63.414808][ T3420] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./617/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./617/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./617/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./617/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./617") = 0 mkdir("./618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3424 ./strace-static-x86_64: Process 3424 attached [pid 3424] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3424] chdir("./618") = 0 [pid 3424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3424] setpgid(0, 0) = 0 [pid 3424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3424] write(3, "1000", 4) = 4 [pid 3424] close(3) = 0 [pid 3424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3424] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3424] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3424] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3425], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3425 [pid 3424] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3425 attached [pid 3425] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3425] memfd_create("syzkaller", 0) = 3 [pid 3425] ftruncate(3, 2097152) = 0 [pid 3425] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3425] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3425] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3425] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3425] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3425] mkdir("./file0", 0777) = 0 [pid 3425] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3425] ioctl(4, LOOP_CLR_FD) = 0 [pid 3425] close(4) = 0 [pid 3425] close(3) = 0 [pid 3425] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3424] <... futex resumed>) = 0 [pid 3424] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3425] <... futex resumed>) = 1 [pid 3425] chdir("./file0") = 0 [pid 3425] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3424] <... futex resumed>) = 0 [pid 3424] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3425] <... futex resumed>) = 1 [pid 3425] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3425] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3424] <... futex resumed>) = 0 [pid 3424] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3424] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3424] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3428], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3428 [pid 3424] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3424] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3425] <... futex resumed>) = 1 [pid 3425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3425] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3425] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3428 attached [pid 3428] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3428] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3428] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3424] <... futex resumed>) = 0 [pid 3424] exit_group(0) = ? [pid 3425] <... futex resumed>) = ? [pid 3425] +++ exited with 0 +++ [pid 3428] <... futex resumed>) = ? [pid 3428] +++ exited with 0 +++ [pid 3424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3424, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./618", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./618/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./618/binderfs") = 0 umount2("./618/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./618/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./618/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./618/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./618") = 0 mkdir("./619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3429 ./strace-static-x86_64: Process 3429 attached [pid 3429] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3429] chdir("./619") = 0 [pid 3429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3429] setpgid(0, 0) = 0 [pid 3429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3429] write(3, "1000", 4) = 4 [pid 3429] close(3) = 0 [pid 3429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3429] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3429] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3429] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3430], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3430 [pid 3429] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3430 attached [pid 3430] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3430] memfd_create("syzkaller", 0) = 3 [pid 3430] ftruncate(3, 2097152) = 0 [pid 3430] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3430] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3430] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3430] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3430] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3430] ioctl(4, LOOP_SET_FD, 3) = 0 [ 63.532527][ T3425] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3430] mkdir("./file0", 0777) = 0 [pid 3430] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3430] ioctl(4, LOOP_CLR_FD) = 0 [pid 3430] close(4) = 0 [pid 3430] close(3) = 0 [pid 3430] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3429] <... futex resumed>) = 0 [pid 3429] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3430] <... futex resumed>) = 1 [pid 3430] chdir("./file0") = 0 [pid 3430] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3429] <... futex resumed>) = 0 [pid 3429] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3430] <... futex resumed>) = 1 [pid 3430] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3430] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3429] <... futex resumed>) = 0 [pid 3429] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3429] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3429] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3433], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3433 [pid 3429] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3430] <... futex resumed>) = 1 ./strace-static-x86_64: Process 3433 attached [pid 3430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3433] set_robust_list(0x7f697cdce9e0, 24 [pid 3430] <... write resumed>) = 61 [pid 3433] <... set_robust_list resumed>) = 0 [pid 3433] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3430] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3433] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3433] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3433] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3430] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3429] <... futex resumed>) = 0 [pid 3429] exit_group(0) = ? [pid 3430] <... futex resumed>) = ? [pid 3430] +++ exited with 0 +++ [pid 3433] <... futex resumed>) = ? [pid 3433] +++ exited with 0 +++ [pid 3429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3429, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./619", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./619/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./619/binderfs") = 0 umount2("./619/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./619/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./619/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./619/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./619") = 0 mkdir("./620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3434 ./strace-static-x86_64: Process 3434 attached [pid 3434] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3434] chdir("./620") = 0 [pid 3434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3434] setpgid(0, 0) = 0 [pid 3434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3434] write(3, "1000", 4) = 4 [pid 3434] close(3) = 0 [pid 3434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3434] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3434] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3434] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3435], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3435 [pid 3434] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3435 attached [pid 3435] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3435] memfd_create("syzkaller", 0) = 3 [pid 3435] ftruncate(3, 2097152) = 0 [pid 3435] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3435] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3435] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3435] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3435] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3435] mkdir("./file0", 0777) = 0 [ 63.596076][ T3430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3435] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3435] ioctl(4, LOOP_CLR_FD) = 0 [pid 3435] close(4) = 0 [pid 3435] close(3) = 0 [pid 3435] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] <... futex resumed>) = 0 [pid 3434] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3435] <... futex resumed>) = 1 [pid 3435] chdir("./file0") = 0 [pid 3435] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] <... futex resumed>) = 0 [pid 3434] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3435] <... futex resumed>) = 1 [pid 3435] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3435] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] <... futex resumed>) = 0 [pid 3434] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3434] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3434] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3438], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3438 [pid 3434] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3434] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3435] <... futex resumed>) = 1 [pid 3435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3435] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3435] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3438 attached [pid 3438] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3438] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3438] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] <... futex resumed>) = 0 [pid 3434] exit_group(0) = ? [pid 3435] <... futex resumed>) = ? [pid 3435] +++ exited with 0 +++ [pid 3438] <... futex resumed>) = ? [pid 3438] +++ exited with 0 +++ [pid 3434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3434, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./620", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./620/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./620/binderfs") = 0 umount2("./620/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./620/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./620/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./620/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./620") = 0 mkdir("./621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3439 ./strace-static-x86_64: Process 3439 attached [pid 3439] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3439] chdir("./621") = 0 [pid 3439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3439] setpgid(0, 0) = 0 [pid 3439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3439] write(3, "1000", 4) = 4 [pid 3439] close(3) = 0 [pid 3439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3439] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3439] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3439] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3440], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3440 [pid 3439] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3440 attached [pid 3440] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3440] memfd_create("syzkaller", 0) = 3 [pid 3440] ftruncate(3, 2097152) = 0 [pid 3440] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3440] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3440] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3440] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3440] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3440] mkdir("./file0", 0777) = 0 [ 63.652338][ T3435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3440] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3440] ioctl(4, LOOP_CLR_FD) = 0 [pid 3440] close(4) = 0 [pid 3440] close(3) = 0 [pid 3440] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3439] <... futex resumed>) = 0 [pid 3439] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3440] <... futex resumed>) = 1 [pid 3440] chdir("./file0") = 0 [pid 3440] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3439] <... futex resumed>) = 0 [pid 3439] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3440] <... futex resumed>) = 1 [pid 3440] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3440] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3439] <... futex resumed>) = 0 [pid 3439] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3439] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3439] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3443], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3443 ./strace-static-x86_64: Process 3443 attached [pid 3440] <... futex resumed>) = 1 [pid 3439] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3439] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3443] set_robust_list(0x7f697cdce9e0, 24 [pid 3440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3440] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3440] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3443] <... set_robust_list resumed>) = 0 [pid 3443] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3443] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3443] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3439] <... futex resumed>) = 0 [pid 3439] exit_group(0) = ? [pid 3440] <... futex resumed>) = ? [pid 3440] +++ exited with 0 +++ [pid 3443] <... futex resumed>) = ? [pid 3443] +++ exited with 0 +++ [pid 3439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3439, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./621", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./621/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./621/binderfs") = 0 [ 63.714144][ T3440] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./621/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./621/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./621/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./621/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./621") = 0 mkdir("./622", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3444 ./strace-static-x86_64: Process 3444 attached [pid 3444] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3444] chdir("./622") = 0 [pid 3444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3444] setpgid(0, 0) = 0 [pid 3444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3444] write(3, "1000", 4) = 4 [pid 3444] close(3) = 0 [pid 3444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3444] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3444] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3444] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3445], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3445 [pid 3444] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3445 attached [pid 3445] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3445] memfd_create("syzkaller", 0) = 3 [pid 3445] ftruncate(3, 2097152) = 0 [pid 3445] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3445] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3445] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3445] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3445] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3445] mkdir("./file0", 0777) = 0 [pid 3445] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3445] ioctl(4, LOOP_CLR_FD) = 0 [pid 3445] close(4) = 0 [pid 3445] close(3) = 0 [pid 3445] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3444] <... futex resumed>) = 0 [pid 3444] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... futex resumed>) = 1 [pid 3445] chdir("./file0") = 0 [pid 3445] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3444] <... futex resumed>) = 0 [pid 3444] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... futex resumed>) = 1 [pid 3445] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3445] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3444] <... futex resumed>) = 0 [pid 3444] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3444] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3444] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3448], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3448 [pid 3444] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3444] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3445] <... futex resumed>) = 1 ./strace-static-x86_64: Process 3448 attached [pid 3445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3445] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3445] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3448] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3448] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3448] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3444] <... futex resumed>) = 0 [pid 3444] exit_group(0) = ? [pid 3448] <... futex resumed>) = ? [pid 3445] <... futex resumed>) = ? [pid 3448] +++ exited with 0 +++ [pid 3445] +++ exited with 0 +++ [pid 3444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3444, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./622", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./622/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./622/binderfs") = 0 umount2("./622/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./622/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./622/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./622/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./622") = 0 mkdir("./623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3449 ./strace-static-x86_64: Process 3449 attached [pid 3449] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3449] chdir("./623") = 0 [pid 3449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3449] setpgid(0, 0) = 0 [pid 3449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3449] write(3, "1000", 4) = 4 [pid 3449] close(3) = 0 [pid 3449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3449] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3449] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3449] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3450], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3450 [pid 3449] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3449] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3450 attached [pid 3450] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3450] memfd_create("syzkaller", 0) = 3 [pid 3450] ftruncate(3, 2097152) = 0 [pid 3450] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3450] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3450] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3450] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3450] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3450] ioctl(4, LOOP_SET_FD, 3) = 0 [ 63.811513][ T3445] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3450] mkdir("./file0", 0777) = 0 [pid 3450] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3450] ioctl(4, LOOP_CLR_FD) = 0 [pid 3450] close(4) = 0 [pid 3450] close(3) = 0 [pid 3450] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3449] <... futex resumed>) = 0 [pid 3449] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3449] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3450] <... futex resumed>) = 1 [pid 3450] chdir("./file0") = 0 [pid 3450] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3449] <... futex resumed>) = 0 [pid 3449] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3449] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3450] <... futex resumed>) = 1 [pid 3450] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3450] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3449] <... futex resumed>) = 0 [pid 3449] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3449] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3449] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3449] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3453], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3453 [pid 3449] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3453 attached [pid 3450] <... futex resumed>) = 1 [pid 3449] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3453] set_robust_list(0x7f697cdce9e0, 24 [pid 3450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3453] <... set_robust_list resumed>) = 0 [pid 3453] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3450] <... write resumed>) = 61 [pid 3450] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3453] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3450] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3453] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3449] <... futex resumed>) = 0 [pid 3449] exit_group(0) = ? [pid 3453] <... futex resumed>) = ? [pid 3450] <... futex resumed>) = 231 [pid 3453] +++ exited with 0 +++ [pid 3450] +++ exited with 0 +++ [pid 3449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3449, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./623", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./623/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./623/binderfs") = 0 [ 63.875092][ T3450] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./623/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./623/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./623/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./623/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./623") = 0 mkdir("./624", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3454 ./strace-static-x86_64: Process 3454 attached [pid 3454] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3454] chdir("./624") = 0 [pid 3454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3454] setpgid(0, 0) = 0 [pid 3454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3454] write(3, "1000", 4) = 4 [pid 3454] close(3) = 0 [pid 3454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3454] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3454] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3454] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3455], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3455 [pid 3454] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3455 attached [pid 3455] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3455] memfd_create("syzkaller", 0) = 3 [pid 3455] ftruncate(3, 2097152) = 0 [pid 3455] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3455] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3455] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3455] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3455] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3455] mkdir("./file0", 0777) = 0 [pid 3455] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3455] ioctl(4, LOOP_CLR_FD) = 0 [pid 3455] close(4) = 0 [pid 3455] close(3) = 0 [pid 3455] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3454] <... futex resumed>) = 0 [pid 3454] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3455] <... futex resumed>) = 1 [pid 3455] chdir("./file0") = 0 [pid 3455] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3454] <... futex resumed>) = 0 [pid 3454] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3455] <... futex resumed>) = 1 [pid 3455] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3455] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3454] <... futex resumed>) = 0 [pid 3454] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3454] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3454] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3458], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3458 [pid 3454] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3454] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3455] <... futex resumed>) = 1 [pid 3455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3455] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3455] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3458 attached [pid 3458] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3458] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3458] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3454] <... futex resumed>) = 0 [pid 3454] exit_group(0) = ? [pid 3455] <... futex resumed>) = ? [pid 3455] +++ exited with 0 +++ [pid 3458] <... futex resumed>) = ? [pid 3458] +++ exited with 0 +++ [pid 3454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3454, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./624", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./624/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./624/binderfs") = 0 umount2("./624/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./624/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./624/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./624/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./624") = 0 mkdir("./625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3459 ./strace-static-x86_64: Process 3459 attached [pid 3459] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3459] chdir("./625") = 0 [pid 3459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3459] setpgid(0, 0) = 0 [pid 3459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3459] write(3, "1000", 4) = 4 [pid 3459] close(3) = 0 [pid 3459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3459] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3459] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3459] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3460], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3460 [pid 3459] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3460 attached [pid 3460] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3460] memfd_create("syzkaller", 0) = 3 [pid 3460] ftruncate(3, 2097152) = 0 [pid 3460] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3460] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3460] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3460] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3460] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3460] mkdir("./file0", 0777) = 0 [ 63.971580][ T3455] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3460] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3460] ioctl(4, LOOP_CLR_FD) = 0 [pid 3460] close(4) = 0 [pid 3460] close(3) = 0 [pid 3460] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... futex resumed>) = 0 [pid 3459] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3460] <... futex resumed>) = 1 [pid 3460] chdir("./file0") = 0 [pid 3460] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... futex resumed>) = 0 [pid 3459] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3460] <... futex resumed>) = 1 [pid 3460] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3460] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... futex resumed>) = 0 [pid 3459] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3459] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3459] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3463], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3463 [pid 3459] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3459] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3460] <... futex resumed>) = 1 [pid 3460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 ./strace-static-x86_64: Process 3463 attached [pid 3460] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3460] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3463] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3463] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3463] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... futex resumed>) = 0 [pid 3459] exit_group(0) = ? [pid 3463] <... futex resumed>) = ? [pid 3460] <... futex resumed>) = ? [pid 3460] +++ exited with 0 +++ [pid 3463] +++ exited with 0 +++ [pid 3459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3459, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./625", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./625/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./625/binderfs") = 0 umount2("./625/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./625/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./625/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./625/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./625") = 0 mkdir("./626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3464 ./strace-static-x86_64: Process 3464 attached [pid 3464] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3464] chdir("./626") = 0 [pid 3464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3464] setpgid(0, 0) = 0 [pid 3464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3464] write(3, "1000", 4) = 4 [pid 3464] close(3) = 0 [pid 3464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3464] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3464] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3464] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3465], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3465 [pid 3464] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3465 attached [pid 3465] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3465] memfd_create("syzkaller", 0) = 3 [pid 3465] ftruncate(3, 2097152) = 0 [pid 3465] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3465] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3465] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3465] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3465] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3465] mkdir("./file0", 0777) = 0 [ 64.021974][ T3460] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3465] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3465] ioctl(4, LOOP_CLR_FD) = 0 [pid 3465] close(4) = 0 [pid 3465] close(3) = 0 [pid 3465] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3464] <... futex resumed>) = 0 [pid 3464] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3465] <... futex resumed>) = 1 [pid 3465] chdir("./file0") = 0 [pid 3465] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3464] <... futex resumed>) = 0 [pid 3464] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3465] <... futex resumed>) = 1 [pid 3465] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3465] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3464] <... futex resumed>) = 0 [pid 3464] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3464] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3464] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3468], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3468 [pid 3464] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3464] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3465] <... futex resumed>) = 1 [pid 3465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3465] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3465] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3468 attached [pid 3468] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3468] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3468] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3464] <... futex resumed>) = 0 [pid 3464] exit_group(0) = ? [pid 3465] <... futex resumed>) = ? [pid 3465] +++ exited with 0 +++ [pid 3468] +++ exited with 0 +++ [pid 3464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3464, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./626", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./626/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./626/binderfs") = 0 umount2("./626/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./626/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./626/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./626/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./626") = 0 mkdir("./627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3469 ./strace-static-x86_64: Process 3469 attached [pid 3469] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3469] chdir("./627") = 0 [pid 3469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3469] setpgid(0, 0) = 0 [pid 3469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3469] write(3, "1000", 4) = 4 [pid 3469] close(3) = 0 [pid 3469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3469] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3469] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3469] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3470], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3470 [pid 3469] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3469] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3470 attached [pid 3470] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3470] memfd_create("syzkaller", 0) = 3 [pid 3470] ftruncate(3, 2097152) = 0 [pid 3470] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3470] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3470] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3470] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3470] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3470] mkdir("./file0", 0777) = 0 [ 64.072479][ T3465] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3470] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3470] ioctl(4, LOOP_CLR_FD) = 0 [pid 3470] close(4) = 0 [pid 3470] close(3) = 0 [pid 3470] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3469] <... futex resumed>) = 0 [pid 3469] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3469] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3470] <... futex resumed>) = 1 [pid 3470] chdir("./file0") = 0 [pid 3470] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3469] <... futex resumed>) = 0 [pid 3469] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3470] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3469] <... futex resumed>) = 0 [pid 3469] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3470] <... openat resumed>) = 3 [pid 3470] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3469] <... futex resumed>) = 0 [pid 3469] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3469] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3469] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3469] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3473], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3473 [pid 3469] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3469] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3470] <... futex resumed>) = 1 ./strace-static-x86_64: Process 3473 attached [pid 3470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3473] set_robust_list(0x7f697cdce9e0, 24 [pid 3470] <... write resumed>) = 61 [pid 3473] <... set_robust_list resumed>) = 0 [pid 3470] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3473] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3470] <... futex resumed>) = 0 [pid 3470] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3473] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3473] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3469] <... futex resumed>) = 0 [pid 3469] exit_group(0) = ? [pid 3470] <... futex resumed>) = ? [pid 3473] <... futex resumed>) = ? [pid 3470] +++ exited with 0 +++ [pid 3473] +++ exited with 0 +++ [pid 3469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3469, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./627", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./627/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./627/binderfs") = 0 umount2("./627/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./627/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./627/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./627/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./627") = 0 mkdir("./628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3474 ./strace-static-x86_64: Process 3474 attached [pid 3474] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3474] chdir("./628") = 0 [pid 3474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3474] setpgid(0, 0) = 0 [pid 3474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3474] write(3, "1000", 4) = 4 [pid 3474] close(3) = 0 [pid 3474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3474] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3474] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3474] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3475 attached , parent_tid=[3475], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3475 [pid 3475] set_robust_list(0x7f697cdef9e0, 24 [pid 3474] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3475] <... set_robust_list resumed>) = 0 [pid 3474] <... futex resumed>) = 0 [pid 3474] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3475] memfd_create("syzkaller", 0) = 3 [pid 3475] ftruncate(3, 2097152) = 0 [pid 3475] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3475] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3475] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3475] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3475] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3475] mkdir("./file0", 0777) = 0 [ 64.131390][ T3470] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3475] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3475] ioctl(4, LOOP_CLR_FD) = 0 [pid 3475] close(4) = 0 [pid 3475] close(3) = 0 [pid 3475] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3474] <... futex resumed>) = 0 [pid 3474] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3474] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3475] <... futex resumed>) = 1 [pid 3475] chdir("./file0") = 0 [pid 3475] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3474] <... futex resumed>) = 0 [pid 3474] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3474] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3475] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3475] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3474] <... futex resumed>) = 0 [pid 3474] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3474] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3474] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3474] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3478], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3478 ./strace-static-x86_64: Process 3478 attached [pid 3475] <... futex resumed>) = 1 [pid 3478] set_robust_list(0x7f697cdce9e0, 24 [pid 3474] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3478] <... set_robust_list resumed>) = 0 [pid 3474] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3478] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3478] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3474] <... futex resumed>) = 0 [pid 3478] <... futex resumed>) = 1 [pid 3478] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = -1 ENOSPC (No space left on device) [pid 3475] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3475] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3474] exit_group(0) = ? [pid 3475] <... futex resumed>) = 231 [pid 3478] <... futex resumed>) = ? [pid 3475] +++ exited with 0 +++ [pid 3478] +++ exited with 0 +++ [pid 3474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3474, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./628", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./628/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./628/binderfs") = 0 umount2("./628/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./628/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./628/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./628/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./628") = 0 mkdir("./629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3479 ./strace-static-x86_64: Process 3479 attached [pid 3479] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3479] chdir("./629") = 0 [pid 3479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3479] setpgid(0, 0) = 0 [pid 3479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3479] write(3, "1000", 4) = 4 [pid 3479] close(3) = 0 [pid 3479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3479] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3479] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3479] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3480], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3480 [pid 3479] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3480 attached [pid 3480] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3480] memfd_create("syzkaller", 0) = 3 [pid 3480] ftruncate(3, 2097152) = 0 [pid 3480] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3480] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3480] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3480] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3480] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3480] mkdir("./file0", 0777) = 0 [ 64.177915][ T3475] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3480] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3480] ioctl(4, LOOP_CLR_FD) = 0 [pid 3480] close(4) = 0 [pid 3480] close(3) = 0 [pid 3480] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3479] <... futex resumed>) = 0 [pid 3479] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3480] <... futex resumed>) = 1 [pid 3480] chdir("./file0") = 0 [pid 3480] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3479] <... futex resumed>) = 0 [pid 3479] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3480] <... futex resumed>) = 1 [pid 3480] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3480] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3479] <... futex resumed>) = 0 [pid 3479] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3479] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3479] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3483], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3483 [pid 3479] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3479] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3480] <... futex resumed>) = 1 [pid 3480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3480] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3480] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3483 attached [pid 3483] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3483] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3483] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3479] <... futex resumed>) = 0 [pid 3479] exit_group(0) = ? [pid 3480] <... futex resumed>) = ? [pid 3480] +++ exited with 0 +++ [pid 3483] <... futex resumed>) = ? [pid 3483] +++ exited with 0 +++ [pid 3479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3479, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./629", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./629/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./629/binderfs") = 0 umount2("./629/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./629/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./629/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./629/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./629/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./629") = 0 mkdir("./630", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3484 ./strace-static-x86_64: Process 3484 attached [pid 3484] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3484] chdir("./630") = 0 [pid 3484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3484] setpgid(0, 0) = 0 [pid 3484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3484] write(3, "1000", 4) = 4 [pid 3484] close(3) = 0 [pid 3484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3484] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3484] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3484] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3485], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3485 [pid 3484] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3485 attached [pid 3485] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3485] memfd_create("syzkaller", 0) = 3 [pid 3485] ftruncate(3, 2097152) = 0 [pid 3485] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3485] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3485] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3485] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3485] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3485] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3485] mkdir("./file0", 0777) = 0 [ 64.220798][ T3480] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3485] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3485] ioctl(4, LOOP_CLR_FD) = 0 [pid 3485] close(4) = 0 [pid 3485] close(3) = 0 [pid 3485] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3484] <... futex resumed>) = 0 [pid 3484] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3485] <... futex resumed>) = 1 [pid 3485] chdir("./file0") = 0 [pid 3485] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3484] <... futex resumed>) = 0 [pid 3484] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3485] <... futex resumed>) = 1 [pid 3485] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3485] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3484] <... futex resumed>) = 0 [pid 3484] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3484] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3484] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3488], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3488 [pid 3484] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3484] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3485] <... futex resumed>) = 1 [pid 3485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3485] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3485] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3488 attached [pid 3488] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3488] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3488] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3484] <... futex resumed>) = 0 [pid 3484] exit_group(0) = ? [pid 3485] <... futex resumed>) = ? [pid 3485] +++ exited with 0 +++ [pid 3488] <... futex resumed>) = ? [pid 3488] +++ exited with 0 +++ [pid 3484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3484, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./630", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./630/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./630/binderfs") = 0 umount2("./630/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./630/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./630/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./630/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./630/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./630") = 0 mkdir("./631", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3489 ./strace-static-x86_64: Process 3489 attached [pid 3489] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3489] chdir("./631") = 0 [pid 3489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3489] setpgid(0, 0) = 0 [pid 3489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3489] write(3, "1000", 4) = 4 [pid 3489] close(3) = 0 [pid 3489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3489] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3489] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3489] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3490], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3490 [pid 3489] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3490 attached [pid 3490] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3490] memfd_create("syzkaller", 0) = 3 [pid 3490] ftruncate(3, 2097152) = 0 [pid 3490] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3490] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3490] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3490] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [ 64.262089][ T3485] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3490] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3490] mkdir("./file0", 0777) = 0 [pid 3490] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3490] ioctl(4, LOOP_CLR_FD) = 0 [pid 3490] close(4) = 0 [pid 3490] close(3) = 0 [pid 3490] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... futex resumed>) = 0 [pid 3489] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3490] <... futex resumed>) = 1 [pid 3490] chdir("./file0") = 0 [pid 3490] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... futex resumed>) = 0 [pid 3489] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3490] <... futex resumed>) = 1 [pid 3490] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3490] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... futex resumed>) = 0 [pid 3489] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3489] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3489] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3493], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3493 [pid 3489] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3493 attached ) = 0 [pid 3489] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3490] <... futex resumed>) = 1 [pid 3490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3490] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3490] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3493] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3493] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3493] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... futex resumed>) = 0 [pid 3489] exit_group(0) = ? [pid 3490] <... futex resumed>) = ? [pid 3490] +++ exited with 0 +++ [pid 3493] <... futex resumed>) = ? [pid 3493] +++ exited with 0 +++ [pid 3489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3489, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./631", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./631/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./631/binderfs") = 0 umount2("./631/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./631/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./631/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./631/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./631/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./631") = 0 mkdir("./632", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.327603][ T3490] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3494 ./strace-static-x86_64: Process 3494 attached [pid 3494] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3494] chdir("./632") = 0 [pid 3494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3494] setpgid(0, 0) = 0 [pid 3494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3494] write(3, "1000", 4) = 4 [pid 3494] close(3) = 0 [pid 3494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3494] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3494] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3494] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3495], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3495 [pid 3494] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3494] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3495 attached [pid 3495] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3495] memfd_create("syzkaller", 0) = 3 [pid 3495] ftruncate(3, 2097152) = 0 [pid 3495] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3495] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3495] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3495] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3495] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3495] mkdir("./file0", 0777) = 0 [pid 3495] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3495] ioctl(4, LOOP_CLR_FD) = 0 [pid 3495] close(4) = 0 [pid 3495] close(3) = 0 [pid 3495] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3495] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3494] <... futex resumed>) = 0 [pid 3494] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3494] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3495] <... futex resumed>) = 0 [pid 3495] chdir("./file0") = 0 [pid 3495] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3494] <... futex resumed>) = 0 [pid 3494] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3494] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3495] <... futex resumed>) = 1 [pid 3495] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3495] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3494] <... futex resumed>) = 0 [pid 3494] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3494] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3494] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3494] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3498 attached , parent_tid=[3498], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3498 [pid 3498] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3494] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3498] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3494] <... futex resumed>) = 0 [pid 3494] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3495] <... futex resumed>) = 1 [pid 3498] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3498] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3494] <... futex resumed>) = 0 [pid 3498] <... futex resumed>) = 1 [pid 3495] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3495] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3495] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3494] exit_group(0) = ? [pid 3495] <... futex resumed>) = ? [pid 3495] +++ exited with 0 +++ [pid 3498] +++ exited with 0 +++ [pid 3494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3494, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./632", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./632/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./632/binderfs") = 0 umount2("./632/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./632/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./632/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./632/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./632/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./632") = 0 mkdir("./633", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 64.395054][ T3495] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3499 ./strace-static-x86_64: Process 3499 attached [pid 3499] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3499] chdir("./633") = 0 [pid 3499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3499] setpgid(0, 0) = 0 [pid 3499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3499] write(3, "1000", 4) = 4 [pid 3499] close(3) = 0 [pid 3499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3499] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3499] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3499] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3500], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3500 [pid 3499] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3500 attached [pid 3500] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3500] memfd_create("syzkaller", 0) = 3 [pid 3500] ftruncate(3, 2097152) = 0 [pid 3500] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3500] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3500] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3500] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3500] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3500] mkdir("./file0", 0777) = 0 [pid 3500] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3500] ioctl(4, LOOP_CLR_FD) = 0 [pid 3500] close(4) = 0 [pid 3500] close(3) = 0 [pid 3500] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3499] <... futex resumed>) = 0 [pid 3499] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3500] <... futex resumed>) = 1 [pid 3500] chdir("./file0") = 0 [pid 3500] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3499] <... futex resumed>) = 0 [pid 3499] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3500] <... futex resumed>) = 1 [pid 3500] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3500] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3499] <... futex resumed>) = 0 [pid 3499] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3499] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3499] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3503], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3503 [pid 3499] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3500] <... futex resumed>) = 1 [pid 3500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3500] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3500] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3503 attached [pid 3503] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3503] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3503] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3499] <... futex resumed>) = 0 [pid 3503] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3499] exit_group(0) = ? [pid 3503] <... futex resumed>) = ? [pid 3503] +++ exited with 0 +++ [pid 3500] <... futex resumed>) = ? [pid 3500] +++ exited with 0 +++ [pid 3499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3499, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./633", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./633/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./633/binderfs") = 0 [ 64.462106][ T3500] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./633/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./633/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./633/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./633/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./633/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./633") = 0 mkdir("./634", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3504 ./strace-static-x86_64: Process 3504 attached [pid 3504] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3504] chdir("./634") = 0 [pid 3504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3504] setpgid(0, 0) = 0 [pid 3504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3504] write(3, "1000", 4) = 4 [pid 3504] close(3) = 0 [pid 3504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3504] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3504] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3504] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3505], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3505 [pid 3504] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3505 attached [pid 3505] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3505] memfd_create("syzkaller", 0) = 3 [pid 3505] ftruncate(3, 2097152) = 0 [pid 3505] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3505] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3505] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3505] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3505] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3505] mkdir("./file0", 0777) = 0 [pid 3505] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3505] ioctl(4, LOOP_CLR_FD) = 0 [pid 3505] close(4) = 0 [pid 3505] close(3) = 0 [pid 3505] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3504] <... futex resumed>) = 0 [pid 3504] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3505] <... futex resumed>) = 1 [pid 3505] chdir("./file0") = 0 [pid 3505] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3504] <... futex resumed>) = 0 [pid 3504] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3505] <... futex resumed>) = 1 [pid 3505] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3505] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3504] <... futex resumed>) = 0 [pid 3504] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3505] <... futex resumed>) = 1 [pid 3504] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3504] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3504] <... clone resumed>, parent_tid=[3508], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3508 [pid 3504] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3504] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3508 attached [pid 3508] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3508] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3508] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3504] <... futex resumed>) = 0 [pid 3508] <... futex resumed>) = 1 [pid 3508] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3505] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3505] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3505] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3504] exit_group(0) = ? [pid 3508] <... futex resumed>) = ? [pid 3508] +++ exited with 0 +++ [pid 3505] <... futex resumed>) = ? [pid 3505] +++ exited with 0 +++ [pid 3504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3504, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./634", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./634/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./634/binderfs") = 0 [ 64.545033][ T3505] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./634/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./634/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./634/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./634/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./634/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./634") = 0 mkdir("./635", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3509 ./strace-static-x86_64: Process 3509 attached [pid 3509] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3509] chdir("./635") = 0 [pid 3509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3509] setpgid(0, 0) = 0 [pid 3509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3509] write(3, "1000", 4) = 4 [pid 3509] close(3) = 0 [pid 3509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3509] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3509] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3509] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3510 attached , parent_tid=[3510], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3510 [pid 3510] set_robust_list(0x7f697cdef9e0, 24 [pid 3509] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3510] <... set_robust_list resumed>) = 0 [pid 3509] <... futex resumed>) = 0 [pid 3509] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3510] memfd_create("syzkaller", 0) = 3 [pid 3510] ftruncate(3, 2097152) = 0 [pid 3510] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3510] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3510] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3510] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3510] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3510] mkdir("./file0", 0777) = 0 [pid 3510] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3510] ioctl(4, LOOP_CLR_FD) = 0 [pid 3510] close(4) = 0 [pid 3510] close(3) = 0 [pid 3510] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3509] <... futex resumed>) = 0 [pid 3509] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3509] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3510] <... futex resumed>) = 1 [pid 3510] chdir("./file0") = 0 [pid 3510] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3509] <... futex resumed>) = 0 [pid 3509] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3509] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3510] <... futex resumed>) = 1 [pid 3510] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3510] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3509] <... futex resumed>) = 0 [pid 3509] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3509] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3509] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3509] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3513], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3513 [pid 3509] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3509] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3510] <... futex resumed>) = 1 [pid 3510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3510] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3510] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3513 attached [pid 3513] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3513] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3513] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3509] <... futex resumed>) = 0 [pid 3509] exit_group(0) = ? [pid 3510] <... futex resumed>) = ? [pid 3510] +++ exited with 0 +++ [pid 3513] <... futex resumed>) = ? [pid 3513] +++ exited with 0 +++ [pid 3509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3509, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./635", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./635/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./635/binderfs") = 0 [ 64.648421][ T3510] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./635/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./635/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./635/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./635/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./635/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./635") = 0 mkdir("./636", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3514 ./strace-static-x86_64: Process 3514 attached [pid 3514] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3514] chdir("./636") = 0 [pid 3514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3514] setpgid(0, 0) = 0 [pid 3514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3514] write(3, "1000", 4) = 4 [pid 3514] close(3) = 0 [pid 3514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3514] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3514] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3514] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3515], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3515 [pid 3514] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3515 attached [pid 3515] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3515] memfd_create("syzkaller", 0) = 3 [pid 3515] ftruncate(3, 2097152) = 0 [pid 3515] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3515] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3515] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3515] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3515] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3515] mkdir("./file0", 0777) = 0 [pid 3515] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3515] ioctl(4, LOOP_CLR_FD) = 0 [pid 3515] close(4) = 0 [pid 3515] close(3) = 0 [pid 3515] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3514] <... futex resumed>) = 0 [pid 3514] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3515] <... futex resumed>) = 1 [pid 3515] chdir("./file0") = 0 [pid 3515] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3514] <... futex resumed>) = 0 [pid 3514] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3515] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3515] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3514] <... futex resumed>) = 0 [pid 3514] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3514] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3514] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3518], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3518 ./strace-static-x86_64: Process 3518 attached [pid 3514] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3514] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3515] <... futex resumed>) = 1 [pid 3515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3515] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3515] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3518] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3518] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3518] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3514] <... futex resumed>) = 0 [pid 3514] exit_group(0) = ? [pid 3515] <... futex resumed>) = ? [pid 3515] +++ exited with 0 +++ [pid 3518] <... futex resumed>) = ? [pid 3518] +++ exited with 0 +++ [pid 3514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3514, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./636", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./636/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./636/binderfs") = 0 [ 64.772975][ T3515] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./636/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./636/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./636/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./636/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./636/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./636") = 0 mkdir("./637", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3519 ./strace-static-x86_64: Process 3519 attached [pid 3519] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3519] chdir("./637") = 0 [pid 3519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3519] setpgid(0, 0) = 0 [pid 3519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3519] write(3, "1000", 4) = 4 [pid 3519] close(3) = 0 [pid 3519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3519] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3519] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3519] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3520], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3520 [pid 3519] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3519] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3520 attached [pid 3520] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3520] memfd_create("syzkaller", 0) = 3 [pid 3520] ftruncate(3, 2097152) = 0 [pid 3520] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3520] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3520] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3520] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3520] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3520] mkdir("./file0", 0777) = 0 [pid 3520] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3520] ioctl(4, LOOP_CLR_FD) = 0 [pid 3520] close(4) = 0 [pid 3520] close(3) = 0 [pid 3520] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3519] <... futex resumed>) = 0 [pid 3520] chdir("./file0" [pid 3519] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... chdir resumed>) = 0 [pid 3519] <... futex resumed>) = 0 [pid 3520] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3519] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... futex resumed>) = 0 [pid 3519] <... futex resumed>) = 0 [pid 3519] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3520] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3520] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3519] <... futex resumed>) = 0 [pid 3520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3519] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3519] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3519] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3519] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3520] <... write resumed>) = 61 [pid 3520] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3520] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3519] <... clone resumed>, parent_tid=[3523], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3523 [pid 3519] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3519] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3523 attached [pid 3523] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3523] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3523] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] <... futex resumed>) = 0 [pid 3519] exit_group(0) = ? [pid 3520] <... futex resumed>) = ? [pid 3523] <... futex resumed>) = ? [pid 3520] +++ exited with 0 +++ [pid 3523] +++ exited with 0 +++ [pid 3519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3519, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./637", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./637/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./637/binderfs") = 0 umount2("./637/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./637/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./637/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./637/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./637/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./637") = 0 mkdir("./638", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3524 ./strace-static-x86_64: Process 3524 attached [pid 3524] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3524] chdir("./638") = 0 [pid 3524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3524] setpgid(0, 0) = 0 [pid 3524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3524] write(3, "1000", 4) = 4 [pid 3524] close(3) = 0 [pid 3524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3524] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3524] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3524] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3525], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3525 [pid 3524] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3525 attached [pid 3525] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3525] memfd_create("syzkaller", 0) = 3 [pid 3525] ftruncate(3, 2097152) = 0 [pid 3525] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3525] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3525] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3525] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3525] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3525] mkdir("./file0", 0777) = 0 [pid 3525] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3525] ioctl(4, LOOP_CLR_FD) = 0 [pid 3525] close(4) = 0 [pid 3525] close(3) = 0 [pid 3525] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3524] <... futex resumed>) = 0 [pid 3524] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3525] <... futex resumed>) = 1 [pid 3525] chdir("./file0") = 0 [pid 3525] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3524] <... futex resumed>) = 0 [pid 3524] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3525] <... futex resumed>) = 1 [pid 3525] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3525] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3524] <... futex resumed>) = 0 [pid 3524] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3524] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3524] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3528], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3528 [pid 3524] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3524] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3525] <... futex resumed>) = 1 [pid 3525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3525] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3525] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3528 attached [pid 3528] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3528] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3528] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3524] <... futex resumed>) = 0 [pid 3524] exit_group(0) = ? [pid 3525] <... futex resumed>) = ? [pid 3525] +++ exited with 0 +++ [pid 3528] <... futex resumed>) = ? [pid 3528] +++ exited with 0 +++ [pid 3524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3524, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./638", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./638/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./638/binderfs") = 0 umount2("./638/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./638/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./638/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./638/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./638/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./638") = 0 mkdir("./639", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3529 ./strace-static-x86_64: Process 3529 attached [pid 3529] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3529] chdir("./639") = 0 [pid 3529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3529] setpgid(0, 0) = 0 [pid 3529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3529] write(3, "1000", 4) = 4 [pid 3529] close(3) = 0 [pid 3529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3529] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3529] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3529] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3530], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3530 [pid 3529] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3529] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3530 attached [pid 3530] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3530] memfd_create("syzkaller", 0) = 3 [pid 3530] ftruncate(3, 2097152) = 0 [pid 3530] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3530] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3530] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3530] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3530] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3530] ioctl(4, LOOP_SET_FD, 3) = 0 [ 64.841539][ T3520] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 64.880828][ T3525] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3530] mkdir("./file0", 0777) = 0 [pid 3530] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3530] ioctl(4, LOOP_CLR_FD) = 0 [pid 3530] close(4) = 0 [pid 3530] close(3) = 0 [pid 3530] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3529] <... futex resumed>) = 0 [pid 3530] chdir("./file0" [pid 3529] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3529] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3530] <... chdir resumed>) = 0 [pid 3530] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3529] <... futex resumed>) = 0 [pid 3529] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3529] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3530] <... futex resumed>) = 1 [pid 3530] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3530] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3529] <... futex resumed>) = 0 [pid 3529] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3530] <... futex resumed>) = 1 [pid 3530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3529] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3529] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3530] <... write resumed>) = 61 [pid 3529] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3530] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3530] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3529] <... clone resumed>, parent_tid=[3533], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3533 [pid 3529] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3529] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3533 attached [pid 3533] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3533] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3533] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3529] <... futex resumed>) = 0 [pid 3529] exit_group(0 [pid 3530] <... futex resumed>) = ? [pid 3529] <... exit_group resumed>) = ? [pid 3533] <... futex resumed>) = ? [pid 3530] +++ exited with 0 +++ [pid 3533] +++ exited with 0 +++ [pid 3529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3529, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./639", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./639/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./639/binderfs") = 0 [ 64.924486][ T3530] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./639/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./639/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./639/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./639/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./639/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./639") = 0 mkdir("./640", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3534 ./strace-static-x86_64: Process 3534 attached [pid 3534] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3534] chdir("./640") = 0 [pid 3534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3534] setpgid(0, 0) = 0 [pid 3534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3534] write(3, "1000", 4) = 4 [pid 3534] close(3) = 0 [pid 3534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3534] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3534] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3534] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3535], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3535 [pid 3534] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3535 attached [pid 3535] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3535] memfd_create("syzkaller", 0) = 3 [pid 3535] ftruncate(3, 2097152) = 0 [pid 3535] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3535] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3535] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3535] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3535] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3535] mkdir("./file0", 0777) = 0 [pid 3535] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3535] ioctl(4, LOOP_CLR_FD) = 0 [pid 3535] close(4) = 0 [pid 3535] close(3) = 0 [pid 3535] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3534] <... futex resumed>) = 0 [pid 3534] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3535] <... futex resumed>) = 1 [pid 3535] chdir("./file0") = 0 [pid 3535] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3534] <... futex resumed>) = 0 [pid 3534] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3535] <... futex resumed>) = 1 [pid 3535] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3535] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3534] <... futex resumed>) = 0 [pid 3534] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3534] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3534] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3538], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3538 [pid 3534] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3534] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3535] <... futex resumed>) = 1 [pid 3535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3535] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3535] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3538 attached [pid 3538] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3538] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3538] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3534] <... futex resumed>) = 0 [pid 3534] exit_group(0) = ? [pid 3535] <... futex resumed>) = ? [pid 3535] +++ exited with 0 +++ [pid 3538] <... futex resumed>) = ? [pid 3538] +++ exited with 0 +++ [pid 3534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3534, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./640", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./640/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./640/binderfs") = 0 umount2("./640/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./640/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./640/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./640/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./640/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./640") = 0 [ 65.055900][ T3535] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue mkdir("./641", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3539 ./strace-static-x86_64: Process 3539 attached [pid 3539] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3539] chdir("./641") = 0 [pid 3539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3539] setpgid(0, 0) = 0 [pid 3539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3539] write(3, "1000", 4) = 4 [pid 3539] close(3) = 0 [pid 3539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3539] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3539] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3539] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3540], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3540 [pid 3539] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3540 attached [pid 3540] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3540] memfd_create("syzkaller", 0) = 3 [pid 3540] ftruncate(3, 2097152) = 0 [pid 3540] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3540] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3540] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3540] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3540] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3540] mkdir("./file0", 0777) = 0 [pid 3540] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3540] ioctl(4, LOOP_CLR_FD) = 0 [pid 3540] close(4) = 0 [pid 3540] close(3) = 0 [pid 3540] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3539] <... futex resumed>) = 0 [pid 3539] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3540] <... futex resumed>) = 1 [pid 3540] chdir("./file0") = 0 [pid 3540] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3539] <... futex resumed>) = 0 [pid 3539] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3540] <... futex resumed>) = 1 [pid 3540] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3540] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3539] <... futex resumed>) = 0 [pid 3539] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3539] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3539] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3543 attached [pid 3540] <... futex resumed>) = 1 [pid 3539] <... clone resumed>, parent_tid=[3543], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3543 [pid 3539] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3539] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3543] set_robust_list(0x7f697cdce9e0, 24 [pid 3540] <... write resumed>) = 61 [pid 3543] <... set_robust_list resumed>) = 0 [pid 3540] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3543] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3540] <... futex resumed>) = 0 [pid 3540] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3543] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3543] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3539] <... futex resumed>) = 0 [pid 3539] exit_group(0) = ? [pid 3543] <... futex resumed>) = ? [pid 3543] +++ exited with 0 +++ [pid 3540] <... futex resumed>) = ? [pid 3540] +++ exited with 0 +++ [pid 3539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3539, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./641", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./641/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./641/binderfs") = 0 umount2("./641/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./641/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./641/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./641/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./641/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./641") = 0 mkdir("./642", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3544 ./strace-static-x86_64: Process 3544 attached [pid 3544] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3544] chdir("./642") = 0 [pid 3544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3544] setpgid(0, 0) = 0 [pid 3544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3544] write(3, "1000", 4) = 4 [pid 3544] close(3) = 0 [pid 3544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3544] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3544] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3544] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3545], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3545 [pid 3544] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3545 attached [pid 3545] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3545] memfd_create("syzkaller", 0) = 3 [pid 3545] ftruncate(3, 2097152) = 0 [pid 3545] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3545] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3545] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3545] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3545] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3545] mkdir("./file0", 0777) = 0 [ 65.123566][ T3540] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3545] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3545] ioctl(4, LOOP_CLR_FD) = 0 [pid 3545] close(4) = 0 [pid 3545] close(3) = 0 [pid 3545] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3544] <... futex resumed>) = 0 [pid 3544] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3545] <... futex resumed>) = 1 [pid 3545] chdir("./file0") = 0 [pid 3545] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3544] <... futex resumed>) = 0 [pid 3544] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3545] <... futex resumed>) = 1 [pid 3545] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3545] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3544] <... futex resumed>) = 0 [pid 3544] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3544] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3544] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3548], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3548 [pid 3544] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3544] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3545] <... futex resumed>) = 1 [pid 3545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3545] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3545] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3548 attached [pid 3548] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3548] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3548] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3544] <... futex resumed>) = 0 [pid 3544] exit_group(0) = ? [pid 3545] <... futex resumed>) = ? [pid 3545] +++ exited with 0 +++ [pid 3548] <... futex resumed>) = 231 [pid 3548] +++ exited with 0 +++ [pid 3544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3544, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./642", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./642/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./642/binderfs") = 0 [ 65.173032][ T3545] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./642/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./642/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./642/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./642/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./642/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./642") = 0 mkdir("./643", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3549 ./strace-static-x86_64: Process 3549 attached [pid 3549] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3549] chdir("./643") = 0 [pid 3549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3549] setpgid(0, 0) = 0 [pid 3549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3549] write(3, "1000", 4) = 4 [pid 3549] close(3) = 0 [pid 3549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3549] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3549] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3549] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3550], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3550 [pid 3549] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3550 attached [pid 3550] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3550] memfd_create("syzkaller", 0) = 3 [pid 3550] ftruncate(3, 2097152) = 0 [pid 3550] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3550] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3550] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3550] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3550] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3550] mkdir("./file0", 0777) = 0 [pid 3550] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3550] ioctl(4, LOOP_CLR_FD) = 0 [pid 3550] close(4) = 0 [pid 3550] close(3) = 0 [pid 3550] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3549] <... futex resumed>) = 0 [pid 3549] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3550] <... futex resumed>) = 1 [pid 3550] chdir("./file0") = 0 [pid 3550] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3549] <... futex resumed>) = 0 [pid 3549] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3550] <... futex resumed>) = 1 [pid 3550] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3550] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3549] <... futex resumed>) = 0 [pid 3549] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3549] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3549] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3553], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3553 [pid 3549] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3549] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3550] <... futex resumed>) = 1 [pid 3550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3550] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3550] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3553 attached [pid 3553] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3553] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3553] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3549] <... futex resumed>) = 0 [pid 3549] exit_group(0) = ? [pid 3550] <... futex resumed>) = ? [pid 3550] +++ exited with 0 +++ [pid 3553] <... futex resumed>) = ? [pid 3553] +++ exited with 0 +++ [pid 3549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3549, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./643", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./643/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./643/binderfs") = 0 umount2("./643/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./643/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./643/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./643/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./643/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./643") = 0 mkdir("./644", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3554 ./strace-static-x86_64: Process 3554 attached [pid 3554] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3554] chdir("./644") = 0 [pid 3554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3554] setpgid(0, 0) = 0 [pid 3554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3554] write(3, "1000", 4) = 4 [pid 3554] close(3) = 0 [pid 3554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3554] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3554] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3554] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3555], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3555 [pid 3554] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3555 attached [pid 3555] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3555] memfd_create("syzkaller", 0) = 3 [pid 3555] ftruncate(3, 2097152) = 0 [pid 3555] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3555] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3555] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3555] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3555] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3555] mkdir("./file0", 0777) = 0 [ 65.256435][ T3550] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3555] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3555] ioctl(4, LOOP_CLR_FD) = 0 [pid 3555] close(4) = 0 [pid 3555] close(3) = 0 [pid 3555] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3554] <... futex resumed>) = 0 [pid 3554] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3555] <... futex resumed>) = 1 [pid 3555] chdir("./file0") = 0 [pid 3555] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3554] <... futex resumed>) = 0 [pid 3554] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3555] <... futex resumed>) = 1 [pid 3555] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3555] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3554] <... futex resumed>) = 0 [pid 3554] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3554] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3554] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3558], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3558 [pid 3554] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3554] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3555] <... futex resumed>) = 1 [pid 3555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3555] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3555] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3558 attached [pid 3558] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3558] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3558] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3554] <... futex resumed>) = 0 [pid 3554] exit_group(0) = ? [pid 3555] <... futex resumed>) = ? [pid 3555] +++ exited with 0 +++ [pid 3558] <... futex resumed>) = ? [pid 3558] +++ exited with 0 +++ [pid 3554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3554, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./644", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./644/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./644/binderfs") = 0 umount2("./644/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./644/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./644/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./644/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./644/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./644") = 0 mkdir("./645", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3559 ./strace-static-x86_64: Process 3559 attached [pid 3559] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3559] chdir("./645") = 0 [pid 3559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3559] setpgid(0, 0) = 0 [pid 3559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3559] write(3, "1000", 4) = 4 [pid 3559] close(3) = 0 [pid 3559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3559] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3559] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3559] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3560], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3560 [pid 3559] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3560 attached [pid 3560] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3560] memfd_create("syzkaller", 0) = 3 [pid 3560] ftruncate(3, 2097152) = 0 [pid 3560] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3560] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3560] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3560] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3560] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3560] mkdir("./file0", 0777) = 0 [ 65.306871][ T3555] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3560] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3560] ioctl(4, LOOP_CLR_FD) = 0 [pid 3560] close(4) = 0 [pid 3560] close(3) = 0 [pid 3560] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3559] <... futex resumed>) = 0 [pid 3559] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3560] <... futex resumed>) = 1 [pid 3560] chdir("./file0") = 0 [pid 3560] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3559] <... futex resumed>) = 0 [pid 3559] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3560] <... futex resumed>) = 1 [pid 3560] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3560] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3559] <... futex resumed>) = 0 [pid 3559] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3559] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3559] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3563], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3563 [pid 3559] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3559] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3560] <... futex resumed>) = 1 [pid 3560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3560] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3560] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3563 attached [pid 3563] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3563] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3563] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3559] <... futex resumed>) = 0 [pid 3563] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3559] exit_group(0) = ? [pid 3560] <... futex resumed>) = ? [pid 3563] <... futex resumed>) = ? [pid 3560] +++ exited with 0 +++ [pid 3563] +++ exited with 0 +++ [pid 3559] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3559, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./645", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./645/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./645/binderfs") = 0 umount2("./645/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./645/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./645/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./645/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./645/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./645") = 0 mkdir("./646", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3564 ./strace-static-x86_64: Process 3564 attached [pid 3564] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3564] chdir("./646") = 0 [pid 3564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3564] setpgid(0, 0) = 0 [pid 3564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3564] write(3, "1000", 4) = 4 [pid 3564] close(3) = 0 [pid 3564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3564] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3564] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3564] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3565], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3565 [pid 3564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3565 attached [pid 3565] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3565] memfd_create("syzkaller", 0) = 3 [pid 3565] ftruncate(3, 2097152) = 0 [pid 3565] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3565] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3565] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3565] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3565] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3565] mkdir("./file0", 0777) = 0 [ 65.354166][ T3560] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3565] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3565] ioctl(4, LOOP_CLR_FD) = 0 [pid 3565] close(4) = 0 [pid 3565] close(3) = 0 [pid 3565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3564] <... futex resumed>) = 0 [pid 3564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3565] <... futex resumed>) = 1 [pid 3565] chdir("./file0") = 0 [pid 3565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3564] <... futex resumed>) = 0 [pid 3564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3565] <... futex resumed>) = 1 [pid 3565] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3564] <... futex resumed>) = 0 [pid 3564] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3564] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3564] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3565] <... futex resumed>) = 1 [pid 3564] <... clone resumed>, parent_tid=[3568], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3568 [pid 3564] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3568 attached [pid 3568] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3568] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3568] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3568] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3565] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3564] <... futex resumed>) = 0 [pid 3568] <... futex resumed>) = 1 [pid 3568] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3565] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3565] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3564] exit_group(0) = ? [pid 3565] <... futex resumed>) = ? [pid 3565] +++ exited with 0 +++ [pid 3568] <... futex resumed>) = ? [pid 3568] +++ exited with 0 +++ [pid 3564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3564, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./646", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./646/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./646/binderfs") = 0 umount2("./646/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./646/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./646/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./646/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./646/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./646") = 0 mkdir("./647", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3569 ./strace-static-x86_64: Process 3569 attached [pid 3569] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3569] chdir("./647") = 0 [pid 3569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3569] setpgid(0, 0) = 0 [pid 3569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3569] write(3, "1000", 4) = 4 [pid 3569] close(3) = 0 [pid 3569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3569] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3569] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3569] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3570], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3570 [pid 3569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3570 attached [pid 3570] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3570] memfd_create("syzkaller", 0) = 3 [pid 3570] ftruncate(3, 2097152) = 0 [pid 3570] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3570] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3570] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3570] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3570] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3570] mkdir("./file0", 0777) = 0 [ 65.413110][ T3565] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3570] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3570] ioctl(4, LOOP_CLR_FD) = 0 [pid 3570] close(4) = 0 [pid 3570] close(3) = 0 [pid 3570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3569] <... futex resumed>) = 0 [pid 3569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3570] <... futex resumed>) = 1 [pid 3570] chdir("./file0") = 0 [pid 3570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3569] <... futex resumed>) = 0 [pid 3569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3570] <... futex resumed>) = 1 [pid 3570] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3569] <... futex resumed>) = 0 [pid 3569] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3569] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3569] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3573], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3573 [pid 3569] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3569] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3570] <... futex resumed>) = 1 [pid 3570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3570] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3570] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3573 attached [pid 3573] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3573] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3573] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3569] <... futex resumed>) = 0 [pid 3569] exit_group(0) = ? [pid 3570] <... futex resumed>) = ? [pid 3573] <... futex resumed>) = ? [pid 3570] +++ exited with 0 +++ [pid 3573] +++ exited with 0 +++ [pid 3569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3569, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./647", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./647/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./647/binderfs") = 0 umount2("./647/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./647/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./647/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./647/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./647/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./647") = 0 mkdir("./648", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3574 ./strace-static-x86_64: Process 3574 attached [pid 3574] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3574] chdir("./648") = 0 [pid 3574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3574] setpgid(0, 0) = 0 [pid 3574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3574] write(3, "1000", 4) = 4 [pid 3574] close(3) = 0 [pid 3574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3574] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3574] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3574] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3575], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3575 [pid 3574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3574] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3575 attached [pid 3575] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3575] memfd_create("syzkaller", 0) = 3 [pid 3575] ftruncate(3, 2097152) = 0 [pid 3575] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3575] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3575] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3575] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3575] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3575] mkdir("./file0", 0777) = 0 [ 65.462834][ T3570] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3575] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3575] ioctl(4, LOOP_CLR_FD) = 0 [pid 3575] close(4) = 0 [pid 3575] close(3) = 0 [pid 3575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3575] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3574] <... futex resumed>) = 0 [pid 3574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3574] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3575] <... futex resumed>) = 0 [pid 3575] chdir("./file0") = 0 [pid 3575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3574] <... futex resumed>) = 0 [pid 3574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3574] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3575] <... futex resumed>) = 1 [pid 3575] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3574] <... futex resumed>) = 0 [pid 3574] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3574] <... futex resumed>) = 0 [pid 3574] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3575] <... write resumed>) = 61 [pid 3575] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3574] <... mmap resumed>) = 0x7f697cdae000 [pid 3574] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3575] <... futex resumed>) = 0 [pid 3575] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3574] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3578], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3578 ./strace-static-x86_64: Process 3578 attached [pid 3578] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3578] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3574] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3578] <... futex resumed>) = 0 [pid 3574] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3578] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3578] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3574] <... futex resumed>) = 0 [pid 3574] exit_group(0) = ? [pid 3575] <... futex resumed>) = ? [pid 3578] <... futex resumed>) = ? [pid 3575] +++ exited with 0 +++ [pid 3578] +++ exited with 0 +++ [pid 3574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3574, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./648", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./648/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./648/binderfs") = 0 umount2("./648/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./648/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./648/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./648/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./648/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./648") = 0 mkdir("./649", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3579 ./strace-static-x86_64: Process 3579 attached [pid 3579] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3579] chdir("./649") = 0 [pid 3579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3579] setpgid(0, 0) = 0 [pid 3579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3579] write(3, "1000", 4) = 4 [pid 3579] close(3) = 0 [pid 3579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3579] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3579] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3579] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3580 attached , parent_tid=[3580], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3580 [pid 3580] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3580] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3580] <... futex resumed>) = 0 [pid 3580] memfd_create("syzkaller", 0 [pid 3579] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3580] <... memfd_create resumed>) = 3 [pid 3580] ftruncate(3, 2097152) = 0 [pid 3580] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3580] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3580] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3580] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3580] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3580] mkdir("./file0", 0777) = 0 [ 65.518893][ T3575] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3580] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3580] ioctl(4, LOOP_CLR_FD) = 0 [pid 3580] close(4) = 0 [pid 3580] close(3) = 0 [pid 3580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3579] <... futex resumed>) = 0 [pid 3580] chdir("./file0" [pid 3579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3580] <... chdir resumed>) = 0 [pid 3580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3579] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3580] <... futex resumed>) = 0 [pid 3579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3579] <... futex resumed>) = 0 [pid 3579] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3580] <... openat resumed>) = 3 [pid 3580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3579] <... futex resumed>) = 0 [pid 3580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3579] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3579] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] <... write resumed>) = 61 [pid 3579] <... futex resumed>) = 0 [pid 3580] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3580] <... futex resumed>) = 0 [pid 3579] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3579] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3580] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3583 attached [pid 3583] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3583] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3579] <... clone resumed>, parent_tid=[3583], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3583 [pid 3579] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3583] <... futex resumed>) = 0 [pid 3583] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3579] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3583] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3583] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3579] <... futex resumed>) = 0 [pid 3579] exit_group(0) = ? [pid 3580] <... futex resumed>) = ? [pid 3583] <... futex resumed>) = ? [pid 3580] +++ exited with 0 +++ [pid 3583] +++ exited with 0 +++ [pid 3579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3579, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./649", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./649/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./649/binderfs") = 0 [ 65.578346][ T3580] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./649/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./649/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./649/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./649/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./649/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./649") = 0 mkdir("./650", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3584 ./strace-static-x86_64: Process 3584 attached [pid 3584] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3584] chdir("./650") = 0 [pid 3584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3584] setpgid(0, 0) = 0 [pid 3584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3584] write(3, "1000", 4) = 4 [pid 3584] close(3) = 0 [pid 3584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3584] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3584] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3584] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3585], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3585 ./strace-static-x86_64: Process 3585 attached [pid 3584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3585] set_robust_list(0x7f697cdef9e0, 24 [pid 3584] <... futex resumed>) = 0 [pid 3585] <... set_robust_list resumed>) = 0 [pid 3584] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3585] memfd_create("syzkaller", 0) = 3 [pid 3585] ftruncate(3, 2097152) = 0 [pid 3585] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3585] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3585] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3585] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3585] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3585] mkdir("./file0", 0777) = 0 [pid 3585] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3585] ioctl(4, LOOP_CLR_FD) = 0 [pid 3585] close(4) = 0 [pid 3585] close(3) = 0 [pid 3585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3584] <... futex resumed>) = 0 [pid 3584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3584] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3585] <... futex resumed>) = 1 [pid 3585] chdir("./file0") = 0 [pid 3585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3584] <... futex resumed>) = 0 [pid 3584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3585] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3584] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3585] <... openat resumed>) = 3 [pid 3585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3584] <... futex resumed>) = 0 [pid 3584] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3584] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3584] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3584] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3588], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3588 [pid 3584] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3584] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3585] <... futex resumed>) = 1 [pid 3585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3585] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3585] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3588 attached [pid 3588] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3588] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3588] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3584] <... futex resumed>) = 0 [pid 3584] exit_group(0) = ? [pid 3588] <... futex resumed>) = ? [pid 3585] <... futex resumed>) = ? [pid 3585] +++ exited with 0 +++ [pid 3588] +++ exited with 0 +++ [pid 3584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3584, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./650", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./650/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./650/binderfs") = 0 umount2("./650/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./650/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./650/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./650/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./650/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./650") = 0 mkdir("./651", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3589 ./strace-static-x86_64: Process 3589 attached [pid 3589] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3589] chdir("./651") = 0 [pid 3589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3589] setpgid(0, 0) = 0 [pid 3589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3589] write(3, "1000", 4) = 4 [pid 3589] close(3) = 0 [pid 3589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3589] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3589] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3589] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3590], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3590 [pid 3589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3590 attached [pid 3590] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3590] memfd_create("syzkaller", 0) = 3 [pid 3590] ftruncate(3, 2097152) = 0 [pid 3590] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3590] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3590] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3590] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3590] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3590] mkdir("./file0", 0777) = 0 [pid 3590] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3590] ioctl(4, LOOP_CLR_FD) = 0 [pid 3590] close(4) = 0 [pid 3590] close(3) = 0 [pid 3590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] <... futex resumed>) = 0 [pid 3589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3590] <... futex resumed>) = 1 [pid 3590] chdir("./file0") = 0 [pid 3590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] <... futex resumed>) = 0 [pid 3589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3590] <... futex resumed>) = 1 [pid 3590] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] <... futex resumed>) = 0 [pid 3589] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3589] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3589] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3593 attached , parent_tid=[3593], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3593 [pid 3589] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3589] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3593] set_robust_list(0x7f697cdce9e0, 24 [pid 3590] <... futex resumed>) = 1 [pid 3590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3593] <... set_robust_list resumed>) = 0 [pid 3593] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3590] <... write resumed>) = 61 [pid 3590] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3590] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3593] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3593] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3589] <... futex resumed>) = 0 [pid 3589] exit_group(0) = ? [pid 3590] <... futex resumed>) = ? [pid 3590] +++ exited with 0 +++ [pid 3593] +++ exited with 0 +++ [pid 3589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3589, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./651", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./651/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./651/binderfs") = 0 [ 65.654244][ T3585] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.693250][ T3590] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./651/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./651/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./651/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./651/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./651/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./651") = 0 mkdir("./652", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3594 ./strace-static-x86_64: Process 3594 attached [pid 3594] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3594] chdir("./652") = 0 [pid 3594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3594] setpgid(0, 0) = 0 [pid 3594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3594] write(3, "1000", 4) = 4 [pid 3594] close(3) = 0 [pid 3594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3594] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3594] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3594] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3595], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3595 [pid 3594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3595 attached [pid 3595] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3595] memfd_create("syzkaller", 0) = 3 [pid 3595] ftruncate(3, 2097152) = 0 [pid 3595] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3595] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3595] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3595] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3595] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3595] mkdir("./file0", 0777) = 0 [pid 3595] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3595] ioctl(4, LOOP_CLR_FD) = 0 [pid 3595] close(4) = 0 [pid 3595] close(3) = 0 [pid 3595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3594] <... futex resumed>) = 0 [pid 3594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3595] <... futex resumed>) = 1 [pid 3595] chdir("./file0") = 0 [pid 3595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3594] <... futex resumed>) = 0 [pid 3594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3595] <... futex resumed>) = 1 [pid 3595] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3594] <... futex resumed>) = 0 [pid 3594] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3594] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3594] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3598], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3598 [pid 3594] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3594] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3595] <... futex resumed>) = 1 [pid 3595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3595] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3595] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3598 attached [pid 3598] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3598] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3598] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3594] <... futex resumed>) = 0 [pid 3594] exit_group(0) = ? [pid 3595] <... futex resumed>) = ? [pid 3595] +++ exited with 0 +++ [pid 3598] <... futex resumed>) = ? [pid 3598] +++ exited with 0 +++ [pid 3594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3594, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./652", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./652/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./652/binderfs") = 0 umount2("./652/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./652/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./652/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./652/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./652/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./652") = 0 mkdir("./653", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3599 ./strace-static-x86_64: Process 3599 attached [pid 3599] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3599] chdir("./653") = 0 [pid 3599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3599] setpgid(0, 0) = 0 [pid 3599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3599] write(3, "1000", 4) = 4 [pid 3599] close(3) = 0 [pid 3599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3599] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3599] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3599] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3600], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3600 [pid 3599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3600 attached [pid 3600] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3600] memfd_create("syzkaller", 0) = 3 [pid 3600] ftruncate(3, 2097152) = 0 [pid 3600] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3600] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3600] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3600] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3600] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3600] mkdir("./file0", 0777) = 0 [pid 3600] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3600] ioctl(4, LOOP_CLR_FD) = 0 [pid 3600] close(4) = 0 [pid 3600] close(3) = 0 [pid 3600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3599] <... futex resumed>) = 0 [pid 3599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3600] <... futex resumed>) = 1 [pid 3600] chdir("./file0") = 0 [pid 3600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3599] <... futex resumed>) = 0 [pid 3599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3600] <... futex resumed>) = 1 [pid 3600] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3599] <... futex resumed>) = 0 [pid 3599] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3599] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3599] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3603], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3603 [pid 3599] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3599] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3600] <... futex resumed>) = 1 [pid 3600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3600] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3600] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3603 attached [pid 3603] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3603] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3603] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3599] <... futex resumed>) = 0 [pid 3599] exit_group(0) = ? [pid 3600] <... futex resumed>) = ? [pid 3600] +++ exited with 0 +++ [pid 3603] <... futex resumed>) = ? [pid 3603] +++ exited with 0 +++ [pid 3599] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3599, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./653", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./653/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./653/binderfs") = 0 umount2("./653/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./653/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./653/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./653/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./653/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./653") = 0 mkdir("./654", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3604 ./strace-static-x86_64: Process 3604 attached [pid 3604] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3604] chdir("./654") = 0 [pid 3604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3604] setpgid(0, 0) = 0 [pid 3604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3604] write(3, "1000", 4) = 4 [pid 3604] close(3) = 0 [pid 3604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3604] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3604] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3604] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3605], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3605 [pid 3604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3605 attached [pid 3605] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3605] memfd_create("syzkaller", 0) = 3 [pid 3605] ftruncate(3, 2097152) = 0 [pid 3605] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3605] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3605] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3605] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3605] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3605] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3605] ioctl(4, LOOP_CLR_FD) = 0 [pid 3605] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3605] close(4) = 0 [pid 3605] close(3) = 0 [pid 3605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3604] <... futex resumed>) = 0 [pid 3604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3605] <... futex resumed>) = 1 [pid 3605] chdir("./file0") = -1 ENOENT (No such file or directory) [pid 3605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3604] <... futex resumed>) = 0 [pid 3604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3605] <... futex resumed>) = 1 [pid 3605] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3604] <... futex resumed>) = 0 [pid 3604] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3604] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3604] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3606], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3606 [pid 3604] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3604] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3605] <... futex resumed>) = 1 [pid 3605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3605] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3605] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3606 attached [pid 3606] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3606] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3606] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3604] <... futex resumed>) = 0 [pid 3604] exit_group(0 [pid 3605] <... futex resumed>) = ? [pid 3604] <... exit_group resumed>) = ? [pid 3605] +++ exited with 0 +++ [pid 3606] <... futex resumed>) = ? [pid 3606] +++ exited with 0 +++ [pid 3604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3604, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./654", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 128 umount2("./654/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./654/binderfs") = 0 umount2("./654/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./654/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=61, ...}) = 0 unlink("./654/cpuset.effective_cpus") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./654") = 0 mkdir("./655", 0777) = 0 [ 65.751157][ T3595] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.790847][ T3600] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3607 ./strace-static-x86_64: Process 3607 attached [pid 3607] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3607] chdir("./655") = 0 [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setpgid(0, 0) = 0 [pid 3607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1000", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3607] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3607] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3608 attached , parent_tid=[3608], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3608 [pid 3607] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3608] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3608] memfd_create("syzkaller", 0) = 3 [pid 3608] ftruncate(3, 2097152) = 0 [pid 3608] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3608] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3608] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3608] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3608] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3608] mkdir("./file0", 0777) = 0 [pid 3608] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3608] ioctl(4, LOOP_CLR_FD) = 0 [pid 3608] close(4) = 0 [pid 3608] close(3) = 0 [pid 3608] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] chdir("./file0" [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... chdir resumed>) = 0 [pid 3608] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... openat resumed>) = 3 [pid 3608] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3608] <... write resumed>) = 61 [pid 3607] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3608] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3611 attached [pid 3611] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3611] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] <... clone resumed>, parent_tid=[3611], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3611 [pid 3608] <... futex resumed>) = 0 [pid 3607] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3611] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3607] <... futex resumed>) = 1 [pid 3607] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3611] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3611] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] exit_group(0 [pid 3611] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] <... exit_group resumed>) = ? [pid 3611] <... futex resumed>) = ? [pid 3611] +++ exited with 0 +++ [pid 3608] <... futex resumed>) = ? [pid 3608] +++ exited with 0 +++ [pid 3607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3607, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./655", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./655/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./655/binderfs") = 0 [ 65.935029][ T3608] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./655/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./655/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./655/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./655/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./655/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./655") = 0 mkdir("./656", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3612 ./strace-static-x86_64: Process 3612 attached [pid 3612] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3612] chdir("./656") = 0 [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3612] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3612] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3612] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3613], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3613 [pid 3612] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3613] memfd_create("syzkaller", 0) = 3 [pid 3613] ftruncate(3, 2097152) = 0 [pid 3613] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3613] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3613] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3613] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3613] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3613] mkdir("./file0", 0777) = 0 [pid 3613] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3613] ioctl(4, LOOP_CLR_FD) = 0 [pid 3613] close(4) = 0 [pid 3613] close(3) = 0 [pid 3613] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] <... futex resumed>) = 0 [pid 3612] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] chdir("./file0") = 0 [pid 3613] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] <... futex resumed>) = 0 [pid 3612] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3613] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] <... futex resumed>) = 0 [pid 3612] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3612] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3612] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3616], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3616 [pid 3612] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3612] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3613] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3616] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3616] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] <... futex resumed>) = 0 [pid 3612] exit_group(0) = ? [pid 3613] <... futex resumed>) = ? [pid 3613] +++ exited with 0 +++ [pid 3616] <... futex resumed>) = ? [pid 3616] +++ exited with 0 +++ [pid 3612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3612, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./656", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./656/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./656/binderfs") = 0 [ 66.050958][ T3613] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./656/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./656/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./656/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./656/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./656/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./656") = 0 mkdir("./657", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3617 ./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3617] chdir("./657") = 0 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [pid 3617] close(3) = 0 [pid 3617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3617] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3617] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3617] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3618], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3618 ./strace-static-x86_64: Process 3618 attached [pid 3618] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3618] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3617] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3618] memfd_create("syzkaller", 0) = 3 [pid 3618] ftruncate(3, 2097152) = 0 [pid 3618] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3618] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3618] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3618] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3618] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3618] mkdir("./file0", 0777) = 0 [pid 3618] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3618] ioctl(4, LOOP_CLR_FD) = 0 [pid 3618] close(4) = 0 [pid 3618] close(3) = 0 [pid 3618] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... futex resumed>) = 1 [pid 3618] chdir("./file0") = 0 [pid 3618] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... futex resumed>) = 1 [pid 3618] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3618] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3617] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3617] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3621], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3621 [pid 3617] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] <... futex resumed>) = 1 [pid 3618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3618] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3621 attached [pid 3621] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3621] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3621] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3617] exit_group(0) = ? [pid 3618] <... futex resumed>) = ? [pid 3618] +++ exited with 0 +++ [pid 3621] <... futex resumed>) = ? [pid 3621] +++ exited with 0 +++ [pid 3617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3617, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./657", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./657/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./657/binderfs") = 0 umount2("./657/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./657/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./657/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./657/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./657/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./657") = 0 mkdir("./658", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3622 ./strace-static-x86_64: Process 3622 attached [pid 3622] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3622] chdir("./658") = 0 [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [pid 3622] close(3) = 0 [pid 3622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3622] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3622] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3622] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3623], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3623 [pid 3622] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3623 attached [pid 3623] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3623] memfd_create("syzkaller", 0) = 3 [pid 3623] ftruncate(3, 2097152) = 0 [pid 3623] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3623] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3623] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3623] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3623] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3623] mkdir("./file0", 0777) = 0 [ 66.157131][ T3618] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3623] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3623] ioctl(4, LOOP_CLR_FD) = 0 [pid 3623] close(4) = 0 [pid 3623] close(3) = 0 [pid 3623] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... futex resumed>) = 1 [pid 3623] chdir("./file0") = 0 [pid 3623] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... futex resumed>) = 1 [pid 3623] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3623] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = 0 [pid 3622] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3622] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3622] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3626], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3626 [pid 3622] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3623] <... futex resumed>) = 1 [pid 3623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3623] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3623] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3626 attached [pid 3626] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3626] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3626] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = 0 [pid 3622] exit_group(0) = ? [pid 3623] <... futex resumed>) = ? [pid 3623] +++ exited with 0 +++ [pid 3626] <... futex resumed>) = ? [pid 3626] +++ exited with 0 +++ [pid 3622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3622, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./658", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./658/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./658/binderfs") = 0 umount2("./658/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./658/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./658/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./658/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./658/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./658") = 0 mkdir("./659", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3627 ./strace-static-x86_64: Process 3627 attached [pid 3627] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3627] chdir("./659") = 0 [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3627] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3627] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3627] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3628], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3628 [pid 3627] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3628 attached [pid 3628] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3628] memfd_create("syzkaller", 0) = 3 [pid 3628] ftruncate(3, 2097152) = 0 [pid 3628] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3628] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3628] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3628] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3628] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3628] mkdir("./file0", 0777) = 0 [ 66.203531][ T3623] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3628] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3628] ioctl(4, LOOP_CLR_FD) = 0 [pid 3628] close(4) = 0 [pid 3628] close(3) = 0 [pid 3628] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... futex resumed>) = 1 [pid 3628] chdir("./file0") = 0 [pid 3628] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... futex resumed>) = 1 [pid 3628] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3628] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3627] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3627] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3631], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3631 [pid 3627] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... futex resumed>) = 1 [pid 3628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3628] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3631] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3631] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] exit_group(0) = ? [pid 3631] <... futex resumed>) = ? [pid 3628] <... futex resumed>) = ? [pid 3628] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ [pid 3627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./659", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./659/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./659/binderfs") = 0 umount2("./659/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./659/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./659/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./659/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./659/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./659") = 0 mkdir("./660", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3632 ./strace-static-x86_64: Process 3632 attached [pid 3632] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3632] chdir("./660") = 0 [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3632] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3632] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3632] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3633], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3633 [pid 3632] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3633] memfd_create("syzkaller", 0) = 3 [pid 3633] ftruncate(3, 2097152) = 0 [pid 3633] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3633] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3633] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3633] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3633] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3633] mkdir("./file0", 0777) = 0 [ 66.253273][ T3628] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3633] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3633] ioctl(4, LOOP_CLR_FD) = 0 [pid 3633] close(4) = 0 [pid 3633] close(3) = 0 [pid 3633] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... futex resumed>) = 0 [pid 3632] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] chdir("./file0") = 0 [pid 3633] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... futex resumed>) = 0 [pid 3632] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3633] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... futex resumed>) = 0 [pid 3632] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3632] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3632] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3636], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3636 [pid 3632] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3633] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3636] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3636] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... futex resumed>) = 0 [pid 3632] exit_group(0) = ? [pid 3633] <... futex resumed>) = ? [pid 3633] +++ exited with 0 +++ [pid 3636] <... futex resumed>) = ? [pid 3636] +++ exited with 0 +++ [pid 3632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./660", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./660/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./660/binderfs") = 0 umount2("./660/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./660/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./660/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./660/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./660/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./660") = 0 mkdir("./661", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3637] chdir("./661") = 0 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3637] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3637] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3638], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3638 [pid 3637] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3638] memfd_create("syzkaller", 0) = 3 [pid 3638] ftruncate(3, 2097152) = 0 [pid 3638] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3638] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [ 66.300889][ T3633] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3638] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3638] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3638] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3638] mkdir("./file0", 0777) = 0 [pid 3638] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3638] ioctl(4, LOOP_CLR_FD) = 0 [pid 3638] close(4) = 0 [pid 3638] close(3) = 0 [pid 3638] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... futex resumed>) = 1 [pid 3638] chdir("./file0") = 0 [pid 3638] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... futex resumed>) = 1 [pid 3638] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3638] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3637] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3637] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3641 attached , parent_tid=[3641], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3641 [pid 3637] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3641] set_robust_list(0x7f697cdce9e0, 24 [pid 3638] <... futex resumed>) = 1 [pid 3638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3641] <... set_robust_list resumed>) = 0 [pid 3641] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3638] <... write resumed>) = 61 [pid 3638] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3641] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 0 [pid 3637] exit_group(0) = ? [pid 3641] <... futex resumed>) = ? [pid 3638] <... futex resumed>) = ? [pid 3638] +++ exited with 0 +++ [pid 3641] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./661", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./661/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./661/binderfs") = 0 umount2("./661/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./661/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./661/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./661/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./661/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./661") = 0 mkdir("./662", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3642 ./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3642] chdir("./662") = 0 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3642] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3642] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3643], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3643 [pid 3642] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] ftruncate(3, 2097152) = 0 [pid 3643] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3643] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3643] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3643] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3643] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] mkdir("./file0", 0777) = 0 [ 66.368144][ T3638] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3643] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] close(3) = 0 [pid 3643] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] chdir("./file0") = 0 [pid 3643] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3643] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3642] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3646], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3646 [pid 3642] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 ./strace-static-x86_64: Process 3646 attached [pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3646] set_robust_list(0x7f697cdce9e0, 24 [pid 3643] <... write resumed>) = 61 [pid 3646] <... set_robust_list resumed>) = 0 [pid 3643] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3646] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3646] <... futex resumed>) = 1 [pid 3642] exit_group(0) = ? [pid 3643] <... futex resumed>) = 231 [pid 3643] +++ exited with 0 +++ [pid 3646] +++ exited with 0 +++ [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./662", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./662/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./662/binderfs") = 0 [ 66.422274][ T3643] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./662/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./662/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./662/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./662/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./662/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./662") = 0 mkdir("./663", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3647 ./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3647] chdir("./663") = 0 [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3647] setpgid(0, 0) = 0 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3647] close(3) = 0 [pid 3647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3647] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3647] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3647] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3648], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3648 [pid 3647] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3648] memfd_create("syzkaller", 0) = 3 [pid 3648] ftruncate(3, 2097152) = 0 [pid 3648] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3648] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3648] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3648] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3648] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3648] mkdir("./file0", 0777) = 0 [pid 3648] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3648] ioctl(4, LOOP_CLR_FD) = 0 [pid 3648] close(4) = 0 [pid 3648] close(3) = 0 [pid 3648] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = 1 [pid 3648] chdir("./file0") = 0 [pid 3648] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = 1 [pid 3648] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3648] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3647] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3647] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3651], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3651 [pid 3647] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = 1 [pid 3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3648] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3651] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3651] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3647] exit_group(0) = ? [pid 3648] <... futex resumed>) = ? [pid 3648] +++ exited with 0 +++ [pid 3651] <... futex resumed>) = ? [pid 3651] +++ exited with 0 +++ [pid 3647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./663", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./663/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./663/binderfs") = 0 umount2("./663/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./663/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./663/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./663/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./663/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./663") = 0 mkdir("./664", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3652] chdir("./664") = 0 [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3652] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3652] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3652] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3653], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3653 [pid 3652] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3653] memfd_create("syzkaller", 0) = 3 [pid 3653] ftruncate(3, 2097152) = 0 [pid 3653] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3653] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3653] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3653] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3653] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3653] mkdir("./file0", 0777) = 0 [pid 3653] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3653] ioctl(4, LOOP_CLR_FD) = 0 [pid 3653] close(4) = 0 [pid 3653] close(3) = 0 [pid 3653] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3652] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] chdir("./file0") = 0 [pid 3653] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3652] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3653] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3652] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3652] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3652] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3656], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3656 [pid 3652] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] <... futex resumed>) = 1 [pid 3653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3653] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3656 attached [pid 3656] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3656] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3656] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] <... futex resumed>) = 0 [pid 3652] exit_group(0) = ? [pid 3653] <... futex resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3656] <... futex resumed>) = ? [pid 3656] +++ exited with 0 +++ [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./664", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./664/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./664/binderfs") = 0 [ 66.542722][ T3648] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.582193][ T3653] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./664/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./664/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./664/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./664/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./664/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./664") = 0 mkdir("./665", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3657] chdir("./665") = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3657] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3657] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3658], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3658 [pid 3657] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3658] memfd_create("syzkaller", 0) = 3 [pid 3658] ftruncate(3, 2097152) = 0 [pid 3658] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3658] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3658] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3658] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3658] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] mkdir("./file0", 0777) = 0 [pid 3658] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] close(3) = 0 [pid 3658] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] chdir("./file0") = 0 [pid 3658] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3658] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3657] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3661], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3661 [pid 3657] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3658] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3661] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3661] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] exit_group(0) = ? [pid 3658] <... futex resumed>) = ? [pid 3658] +++ exited with 0 +++ [pid 3661] <... futex resumed>) = ? [pid 3661] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./665", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./665/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./665/binderfs") = 0 umount2("./665/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./665/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./665/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./665/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./665/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./665") = 0 mkdir("./666", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3662 ./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3662] chdir("./666") = 0 [pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] setpgid(0, 0) = 0 [pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3662] write(3, "1000", 4) = 4 [pid 3662] close(3) = 0 [pid 3662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3662] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3662] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3662] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3663] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3662] <... clone resumed>, parent_tid=[3663], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3663 [pid 3662] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] memfd_create("syzkaller", 0 [pid 3662] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3663] <... memfd_create resumed>) = 3 [pid 3663] ftruncate(3, 2097152) = 0 [pid 3663] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3663] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3663] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [ 66.632622][ T3658] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3663] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3663] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3663] mkdir("./file0", 0777) = 0 [pid 3663] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3663] ioctl(4, LOOP_CLR_FD) = 0 [pid 3663] close(4) = 0 [pid 3663] close(3) = 0 [pid 3663] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = 0 [pid 3662] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3663] <... futex resumed>) = 1 [pid 3663] chdir("./file0") = 0 [pid 3663] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = 0 [pid 3662] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3663] <... futex resumed>) = 1 [pid 3663] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3663] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = 0 [pid 3662] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3662] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3662] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3666], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3666 [pid 3662] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3662] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3663] <... futex resumed>) = 1 [pid 3663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3663] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3666] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3666] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = 0 [pid 3662] exit_group(0) = ? [pid 3663] <... futex resumed>) = ? [pid 3663] +++ exited with 0 +++ [pid 3666] <... futex resumed>) = ? [pid 3666] +++ exited with 0 +++ [pid 3662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./666", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./666/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./666/binderfs") = 0 umount2("./666/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./666/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./666/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./666/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./666/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./666") = 0 mkdir("./667", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3667 ./strace-static-x86_64: Process 3667 attached [pid 3667] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3667] chdir("./667") = 0 [pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3667] setpgid(0, 0) = 0 [pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3667] write(3, "1000", 4) = 4 [pid 3667] close(3) = 0 [pid 3667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3667] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3667] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3667] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3668], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3668 [pid 3667] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3668] memfd_create("syzkaller", 0) = 3 [pid 3668] ftruncate(3, 2097152) = 0 [pid 3668] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3668] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3668] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3668] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3668] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3668] mkdir("./file0", 0777) = 0 [ 66.696610][ T3663] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3668] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3668] ioctl(4, LOOP_CLR_FD) = 0 [pid 3668] close(4) = 0 [pid 3668] close(3) = 0 [pid 3668] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3667] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] <... futex resumed>) = 1 [pid 3668] chdir("./file0") = 0 [pid 3668] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3667] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] <... futex resumed>) = 1 [pid 3668] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3668] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3667] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3667] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3667] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3671], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3671 [pid 3667] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] <... futex resumed>) = 1 [pid 3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3668] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3668] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3671] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3671] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3667] <... futex resumed>) = 0 [pid 3667] exit_group(0) = ? [pid 3668] <... futex resumed>) = ? [pid 3671] <... futex resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3671] +++ exited with 0 +++ [pid 3667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./667", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./667/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./667/binderfs") = 0 umount2("./667/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./667/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./667/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./667/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./667/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./667") = 0 mkdir("./668", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3672 ./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3672] chdir("./668") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3672] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3673], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3673 [pid 3672] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3673 attached [pid 3673] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3673] memfd_create("syzkaller", 0) = 3 [pid 3673] ftruncate(3, 2097152) = 0 [pid 3673] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3673] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3673] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3673] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3673] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3673] mkdir("./file0", 0777) = 0 [ 66.751310][ T3668] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3673] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3673] ioctl(4, LOOP_CLR_FD) = 0 [pid 3673] close(4) = 0 [pid 3673] close(3) = 0 [pid 3673] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... futex resumed>) = 0 [pid 3673] chdir("./file0") = 0 [pid 3673] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... futex resumed>) = 1 [pid 3673] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3673] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3672] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3676], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3676 [pid 3672] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... futex resumed>) = 1 [pid 3673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3673] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3676 attached [pid 3673] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3676] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3676] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3676] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] <... futex resumed>) = 0 [pid 3672] exit_group(0) = ? [pid 3673] <... futex resumed>) = ? [pid 3673] +++ exited with 0 +++ [pid 3676] <... futex resumed>) = ? [pid 3676] +++ exited with 0 +++ [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./668", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./668/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./668/binderfs") = 0 umount2("./668/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./668/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./668/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./668/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./668/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./668") = 0 mkdir("./669", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3677 ./strace-static-x86_64: Process 3677 attached [pid 3677] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3677] chdir("./669") = 0 [pid 3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3677] setpgid(0, 0) = 0 [pid 3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3677] write(3, "1000", 4) = 4 [pid 3677] close(3) = 0 [pid 3677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3677] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3677] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3677] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3678], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3678 [pid 3677] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x7f697cdef9e0, 24 [pid 3677] <... futex resumed>) = 0 [pid 3678] <... set_robust_list resumed>) = 0 [pid 3678] memfd_create("syzkaller", 0) = 3 [pid 3678] ftruncate(3, 2097152) = 0 [pid 3678] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3678] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3678] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3678] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3678] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3678] ioctl(4, LOOP_SET_FD, 3 [pid 3677] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3678] <... ioctl resumed>) = 0 [pid 3678] mkdir("./file0", 0777) = 0 [ 66.801399][ T3673] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 3678] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3678] ioctl(4, LOOP_CLR_FD) = 0 [pid 3678] close(4) = 0 [pid 3678] close(3) = 0 [pid 3678] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3677] <... futex resumed>) = 0 [pid 3677] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... futex resumed>) = 1 [pid 3678] chdir("./file0") = 0 [pid 3678] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3677] <... futex resumed>) = 0 [pid 3677] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... futex resumed>) = 1 [pid 3678] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3678] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3677] <... futex resumed>) = 0 [pid 3677] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3677] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3677] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3681], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3681 [pid 3677] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3677] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3678] <... futex resumed>) = 1 [pid 3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3678] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3681 attached [pid 3681] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3681] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3681] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3677] <... futex resumed>) = 0 [pid 3677] exit_group(0) = ? [pid 3678] <... futex resumed>) = ? [pid 3678] +++ exited with 0 +++ [pid 3681] <... futex resumed>) = ? [pid 3681] +++ exited with 0 +++ [pid 3677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./669", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./669/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./669/binderfs") = 0 [ 66.847768][ T3678] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./669/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./669/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./669/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./669/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./669/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./669") = 0 mkdir("./670", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3682 ./strace-static-x86_64: Process 3682 attached [pid 3682] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3682] chdir("./670") = 0 [pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3682] setpgid(0, 0) = 0 [pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3682] write(3, "1000", 4) = 4 [pid 3682] close(3) = 0 [pid 3682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3682] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3682] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3682] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3683], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3683 [pid 3682] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3683 attached [pid 3683] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3683] memfd_create("syzkaller", 0) = 3 [pid 3683] ftruncate(3, 2097152) = 0 [pid 3683] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3683] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3683] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3683] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3683] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3683] mkdir("./file0", 0777) = 0 [pid 3683] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3683] ioctl(4, LOOP_CLR_FD) = 0 [pid 3683] close(4) = 0 [pid 3683] close(3) = 0 [pid 3683] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] <... futex resumed>) = 1 [pid 3683] chdir("./file0") = 0 [pid 3683] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] <... futex resumed>) = 1 [pid 3683] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3683] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3682] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3682] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3686], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3686 [pid 3682] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3683] <... futex resumed>) = 1 [pid 3683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3683] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3683] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3686] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3686] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3682] exit_group(0) = ? [pid 3686] <... futex resumed>) = ? [pid 3683] <... futex resumed>) = ? [pid 3686] +++ exited with 0 +++ [pid 3683] +++ exited with 0 +++ [pid 3682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./670", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./670/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./670/binderfs") = 0 [ 66.972253][ T3683] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./670/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./670/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./670/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./670/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./670/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./670") = 0 mkdir("./671", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3687] chdir("./671") = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3687] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3687] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3688], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3688 [pid 3687] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3688 attached [pid 3688] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3688] memfd_create("syzkaller", 0) = 3 [pid 3688] ftruncate(3, 2097152) = 0 [pid 3688] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3688] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3688] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3688] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3688] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3688] mkdir("./file0", 0777) = 0 [pid 3688] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3688] ioctl(4, LOOP_CLR_FD) = 0 [pid 3688] close(4) = 0 [pid 3688] close(3) = 0 [pid 3688] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] chdir("./file0") = 0 [pid 3688] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3688] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3687] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3691], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3691 [pid 3687] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3688] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3691 attached [pid 3691] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3691] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3691] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] exit_group(0 [pid 3688] <... futex resumed>) = ? [pid 3691] <... futex resumed>) = 231 [pid 3687] <... exit_group resumed>) = ? [pid 3691] +++ exited with 0 +++ [pid 3688] +++ exited with 0 +++ [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./671", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./671/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./671/binderfs") = 0 umount2("./671/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./671/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./671/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./671/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./671/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./671") = 0 mkdir("./672", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3692 ./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3692] chdir("./672") = 0 [pid 3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3692] setpgid(0, 0) = 0 [pid 3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3692] write(3, "1000", 4) = 4 [pid 3692] close(3) = 0 [pid 3692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3692] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3692] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3692] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3693 attached , parent_tid=[3693], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3693 [pid 3692] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3693] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3693] memfd_create("syzkaller", 0) = 3 [pid 3693] ftruncate(3, 2097152) = 0 [pid 3693] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3693] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3693] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3693] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3693] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3693] mkdir("./file0", 0777) = 0 [pid 3693] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3693] ioctl(4, LOOP_CLR_FD) = 0 [pid 3693] close(4) = 0 [pid 3693] close(3) = 0 [pid 3693] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] <... futex resumed>) = 0 [pid 3692] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3693] chdir("./file0") = 0 [pid 3693] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3692] <... futex resumed>) = 0 [pid 3692] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3693] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3693] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... futex resumed>) = 0 [pid 3692] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3692] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3692] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3696], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3696 [pid 3692] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3693] <... futex resumed>) = 1 [pid 3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3693] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3696] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3696] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3692] <... futex resumed>) = 0 [pid 3692] exit_group(0) = ? [pid 3693] <... futex resumed>) = ? [pid 3693] +++ exited with 0 +++ [pid 3696] <... futex resumed>) = ? [pid 3696] +++ exited with 0 +++ [pid 3692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./672", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./672/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./672/binderfs") = 0 umount2("./672/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./672/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./672/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./672/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./672/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./672") = 0 mkdir("./673", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3697 ./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3697] chdir("./673") = 0 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3697] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3697] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3697] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3698], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3698 [pid 3697] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3698 attached [pid 3698] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3698] memfd_create("syzkaller", 0) = 3 [pid 3698] ftruncate(3, 2097152) = 0 [pid 3698] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3698] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3698] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3698] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3698] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3698] mkdir("./file0", 0777) = 0 [pid 3698] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3698] ioctl(4, LOOP_CLR_FD) = 0 [pid 3698] close(4) = 0 [pid 3698] close(3) = 0 [pid 3698] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] <... futex resumed>) = 1 [pid 3698] chdir("./file0") = 0 [pid 3698] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3698] <... futex resumed>) = 1 [pid 3698] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3698] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3697] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3697] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3701], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3701 [pid 3697] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3701 attached [pid 3698] <... futex resumed>) = 1 [pid 3698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3698] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3698] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3701] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3701] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = 0 [pid 3697] exit_group(0) = ? [pid 3698] <... futex resumed>) = ? [pid 3698] +++ exited with 0 +++ [pid 3701] <... futex resumed>) = ? [pid 3701] +++ exited with 0 +++ [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./673", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./673/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./673/binderfs") = 0 umount2("./673/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./673/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./673/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./673/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./673/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./673") = 0 mkdir("./674", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3702 ./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3702] chdir("./674") = 0 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3702] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3702] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3703], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3703 [pid 3702] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3703 attached [pid 3703] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3703] memfd_create("syzkaller", 0) = 3 [pid 3703] ftruncate(3, 2097152) = 0 [pid 3703] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3703] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3703] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3703] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3703] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3703] mkdir("./file0", 0777) = 0 [pid 3703] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3703] ioctl(4, LOOP_CLR_FD) = 0 [pid 3703] close(4) = 0 [pid 3703] close(3) = 0 [pid 3703] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = 1 [pid 3703] chdir("./file0") = 0 [pid 3703] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = 1 [pid 3703] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3703] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3703] <... futex resumed>) = 1 [pid 3702] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3703] <... write resumed>) = 61 [pid 3702] <... mmap resumed>) = 0x7f697cdae000 [pid 3703] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3703] <... futex resumed>) = 0 [pid 3702] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3703] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] <... clone resumed>, parent_tid=[3706], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3706 [pid 3702] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3706 attached [pid 3706] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3706] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3706] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] exit_group(0) = ? [pid 3703] <... futex resumed>) = ? [pid 3703] +++ exited with 0 +++ [pid 3706] <... futex resumed>) = ? [pid 3706] +++ exited with 0 +++ [pid 3702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./674", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./674/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./674/binderfs") = 0 umount2("./674/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./674/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./674/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./674/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./674/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./674") = 0 mkdir("./675", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3707 ./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3707] chdir("./675") = 0 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3707] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3707] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3707] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3708], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3708 [pid 3707] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3708 attached [pid 3708] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3708] memfd_create("syzkaller", 0) = 3 [pid 3708] ftruncate(3, 2097152) = 0 [pid 3708] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3708] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3708] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3708] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3708] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3708] mkdir("./file0", 0777) = 0 [pid 3708] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3708] ioctl(4, LOOP_CLR_FD) = 0 [pid 3708] close(4) = 0 [pid 3708] close(3) = 0 [pid 3708] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... futex resumed>) = 1 [pid 3708] chdir("./file0") = 0 [pid 3708] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... futex resumed>) = 1 [pid 3708] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3708] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3707] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3707] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3711], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3711 [pid 3707] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3707] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3708] <... futex resumed>) = 1 [pid 3708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3708] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3711] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3711] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 1 [pid 3707] exit_group(0 [pid 3711] ????( [pid 3707] <... exit_group resumed>) = ? [pid 3708] <... futex resumed>) = ? [pid 3708] +++ exited with 0 +++ [pid 3711] <... ???? resumed>) = ? [pid 3711] +++ exited with 0 +++ [pid 3707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./675", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./675/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./675/binderfs") = 0 umount2("./675/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./675/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./675/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./675/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./675/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./675") = 0 mkdir("./676", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3712 ./strace-static-x86_64: Process 3712 attached [pid 3712] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3712] chdir("./676") = 0 [pid 3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3712] setpgid(0, 0) = 0 [pid 3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3712] write(3, "1000", 4) = 4 [pid 3712] close(3) = 0 [pid 3712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3712] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3712] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3712] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3713], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3713 [pid 3712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3713 attached [pid 3713] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3713] memfd_create("syzkaller", 0) = 3 [pid 3713] ftruncate(3, 2097152) = 0 [pid 3713] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3713] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3713] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3713] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3713] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3713] mkdir("./file0", 0777) = 0 [pid 3713] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3713] ioctl(4, LOOP_CLR_FD) = 0 [pid 3713] close(4) = 0 [pid 3713] close(3) = 0 [pid 3713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3713] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3712] <... futex resumed>) = 0 [pid 3712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3713] <... futex resumed>) = 0 [pid 3713] chdir("./file0") = 0 [pid 3713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3713] <... futex resumed>) = 1 [pid 3713] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3712] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3712] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3712] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3716 attached , parent_tid=[3716], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3716 [pid 3716] set_robust_list(0x7f697cdce9e0, 24 [pid 3712] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3713] <... futex resumed>) = 1 [pid 3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3716] <... set_robust_list resumed>) = 0 [pid 3716] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3713] <... write resumed>) = 61 [pid 3713] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3713] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3716] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3712] exit_group(0) = ? [pid 3713] <... futex resumed>) = ? [pid 3713] +++ exited with 0 +++ [pid 3716] <... futex resumed>) = ? [pid 3716] +++ exited with 0 +++ [pid 3712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./676", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./676/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./676/binderfs") = 0 umount2("./676/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./676/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./676/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./676/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./676/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./676") = 0 mkdir("./677", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3717 ./strace-static-x86_64: Process 3717 attached [pid 3717] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3717] chdir("./677") = 0 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3717] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3717] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3718], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3718 [pid 3717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3718 attached [pid 3718] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3718] memfd_create("syzkaller", 0) = 3 [pid 3718] ftruncate(3, 2097152) = 0 [pid 3718] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3718] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3718] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3718] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3718] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3718] mkdir("./file0", 0777) = 0 [pid 3718] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3718] ioctl(4, LOOP_CLR_FD) = 0 [pid 3718] close(4) = 0 [pid 3718] close(3) = 0 [pid 3718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] chdir("./file0" [pid 3717] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... chdir resumed>) = 0 [pid 3718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3718] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3717] <... futex resumed>) = 0 [pid 3718] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3717] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... openat resumed>) = 3 [pid 3718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3717] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3721], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3721 [pid 3717] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3721 attached [pid 3721] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3721] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3721] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3718] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3718] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3721] <... futex resumed>) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3717] exit_group(0) = ? [pid 3718] <... futex resumed>) = ? [pid 3718] +++ exited with 0 +++ [pid 3721] +++ exited with 0 +++ [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./677", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./677/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./677/binderfs") = 0 umount2("./677/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./677/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./677/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./677/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./677/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./677") = 0 mkdir("./678", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3722 ./strace-static-x86_64: Process 3722 attached [pid 3722] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3722] chdir("./678") = 0 [pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3722] setpgid(0, 0) = 0 [pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3722] write(3, "1000", 4) = 4 [pid 3722] close(3) = 0 [pid 3722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3722] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3722] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3722] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3723], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3723 [pid 3722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3723 attached [pid 3723] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3723] memfd_create("syzkaller", 0) = 3 [pid 3723] ftruncate(3, 2097152) = 0 [pid 3723] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3723] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3723] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3723] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3723] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3723] mkdir("./file0", 0777) = 0 [pid 3723] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3723] ioctl(4, LOOP_CLR_FD) = 0 [pid 3723] close(4) = 0 [pid 3723] close(3) = 0 [pid 3723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... futex resumed>) = 1 [pid 3723] chdir("./file0") = 0 [pid 3723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... futex resumed>) = 1 [pid 3723] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] <... futex resumed>) = 0 [pid 3722] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3722] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3722] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3726], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3726 [pid 3722] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3722] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3723] <... futex resumed>) = 1 [pid 3723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3723] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3726 attached [pid 3726] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3726] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3726] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] <... futex resumed>) = 0 [pid 3722] exit_group(0) = ? [pid 3723] <... futex resumed>) = ? [pid 3723] +++ exited with 0 +++ [pid 3726] <... futex resumed>) = ? [pid 3726] +++ exited with 0 +++ [pid 3722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./678", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./678/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./678/binderfs") = 0 umount2("./678/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./678/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./678/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./678/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./678/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./678") = 0 mkdir("./679", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3727 ./strace-static-x86_64: Process 3727 attached [pid 3727] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3727] chdir("./679") = 0 [pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3727] setpgid(0, 0) = 0 [pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3727] write(3, "1000", 4) = 4 [pid 3727] close(3) = 0 [pid 3727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3727] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3727] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3727] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3728], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3728 [pid 3727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3728 attached [pid 3728] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3728] memfd_create("syzkaller", 0) = 3 [pid 3728] ftruncate(3, 2097152) = 0 [pid 3728] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3728] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3728] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3728] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3728] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3728] mkdir("./file0", 0777) = 0 [pid 3728] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3728] ioctl(4, LOOP_CLR_FD) = 0 [pid 3728] close(4) = 0 [pid 3728] close(3) = 0 [pid 3728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3728] chdir("./file0") = 0 [pid 3728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3728] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3727] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3727] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3727] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3731 attached , parent_tid=[3731], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3731 [pid 3727] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3731] set_robust_list(0x7f697cdce9e0, 24 [pid 3728] <... write resumed>) = 61 [pid 3728] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3728] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3731] <... set_robust_list resumed>) = 0 [pid 3731] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3731] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3727] <... futex resumed>) = 0 [pid 3727] exit_group(0) = ? [pid 3728] <... futex resumed>) = ? [pid 3731] <... futex resumed>) = ? [pid 3728] +++ exited with 0 +++ [pid 3731] +++ exited with 0 +++ [pid 3727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./679", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./679/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./679/binderfs") = 0 umount2("./679/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./679/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./679/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./679/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./679/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./679") = 0 mkdir("./680", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3732] chdir("./680") = 0 [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3732] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3732] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3733 attached , parent_tid=[3733], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3733 [pid 3732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3733] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3733] memfd_create("syzkaller", 0) = 3 [pid 3733] ftruncate(3, 2097152) = 0 [pid 3733] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3733] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3733] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3733] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3733] mkdir("./file0", 0777) = 0 [pid 3733] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3733] ioctl(4, LOOP_CLR_FD) = 0 [pid 3733] close(4) = 0 [pid 3733] close(3) = 0 [pid 3733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] chdir("./file0" [pid 3732] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... chdir resumed>) = 0 [pid 3733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3732] <... futex resumed>) = 0 [pid 3733] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... openat resumed>) = 3 [pid 3733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3732] <... futex resumed>) = 0 [pid 3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3732] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... write resumed>) = 61 [pid 3732] <... futex resumed>) = 0 [pid 3733] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3732] <... futex resumed>) = 0 [pid 3733] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3732] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3736], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3736 [pid 3732] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3736 attached [pid 3736] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3736] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3736] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3732] <... futex resumed>) = 0 [pid 3732] exit_group(0 [pid 3736] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] <... exit_group resumed>) = ? [pid 3733] <... futex resumed>) = ? [pid 3733] +++ exited with 0 +++ [pid 3736] <... futex resumed>) = ? [pid 3736] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./680", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./680/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./680/binderfs") = 0 umount2("./680/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./680/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./680/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./680/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./680/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./680") = 0 mkdir("./681", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3737 ./strace-static-x86_64: Process 3737 attached [pid 3737] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3737] chdir("./681") = 0 [pid 3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3737] setpgid(0, 0) = 0 [pid 3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3737] write(3, "1000", 4) = 4 [pid 3737] close(3) = 0 [pid 3737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3737] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3737] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3737] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3738], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3738 [pid 3737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3738 attached [pid 3738] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3738] memfd_create("syzkaller", 0) = 3 [pid 3738] ftruncate(3, 2097152) = 0 [pid 3738] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3738] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3738] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3738] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3738] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3738] mkdir("./file0", 0777) = 0 [pid 3738] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3738] ioctl(4, LOOP_CLR_FD) = 0 [pid 3738] close(4) = 0 [pid 3738] close(3) = 0 [pid 3738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3738] chdir("./file0" [pid 3737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... chdir resumed>) = 0 [pid 3737] <... futex resumed>) = 0 [pid 3738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] <... futex resumed>) = 0 [pid 3737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3738] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3737] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] <... openat resumed>) = 3 [pid 3738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3737] <... futex resumed>) = 0 [pid 3737] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3737] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] <... write resumed>) = 61 [pid 3737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3738] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3737] <... mmap resumed>) = 0x7f697cdae000 [pid 3737] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3737] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3741 attached , parent_tid=[3741], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3741 [pid 3737] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] set_robust_list(0x7f697cdce9e0, 24 [pid 3737] <... futex resumed>) = 0 [pid 3741] <... set_robust_list resumed>) = 0 [pid 3737] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3741] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3741] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3737] <... futex resumed>) = 0 [pid 3737] exit_group(0) = ? [pid 3738] <... futex resumed>) = ? [pid 3741] <... futex resumed>) = ? [pid 3741] +++ exited with 0 +++ [pid 3738] +++ exited with 0 +++ [pid 3737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./681", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./681/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./681/binderfs") = 0 umount2("./681/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./681/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./681/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./681/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./681/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./681") = 0 mkdir("./682", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3742 ./strace-static-x86_64: Process 3742 attached [pid 3742] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3742] chdir("./682") = 0 [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 3742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3742] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3742] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3742] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3743], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3743 [pid 3742] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3743 attached [pid 3743] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3743] memfd_create("syzkaller", 0) = 3 [pid 3743] ftruncate(3, 2097152) = 0 [pid 3743] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3743] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3743] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3743] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3743] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3743] mkdir("./file0", 0777) = 0 [pid 3743] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3743] ioctl(4, LOOP_CLR_FD) = 0 [pid 3743] close(4) = 0 [pid 3743] close(3) = 0 [pid 3743] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3743] <... futex resumed>) = 1 [pid 3742] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] chdir("./file0" [pid 3742] <... futex resumed>) = 0 [pid 3742] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3743] <... chdir resumed>) = 0 [pid 3743] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3743] <... futex resumed>) = 1 [pid 3742] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3742] <... futex resumed>) = 0 [pid 3742] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3743] <... openat resumed>) = 3 [pid 3743] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3743] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] <... futex resumed>) = 0 [pid 3743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3742] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3743] <... write resumed>) = 61 [pid 3742] <... mmap resumed>) = 0x7f697cdae000 [pid 3743] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3743] <... futex resumed>) = 0 [pid 3742] <... mprotect resumed>) = 0 [pid 3743] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3746], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3746 [pid 3742] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3746 attached [pid 3746] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3746] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3746] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3746] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] exit_group(0) = ? [pid 3743] <... futex resumed>) = ? [pid 3743] +++ exited with 0 +++ [pid 3746] <... futex resumed>) = ? [pid 3746] +++ exited with 0 +++ [pid 3742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./682", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./682/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./682/binderfs") = 0 umount2("./682/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./682/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./682/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./682/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./682/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./682") = 0 mkdir("./683", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3747 ./strace-static-x86_64: Process 3747 attached [pid 3747] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3747] chdir("./683") = 0 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3747] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3747] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3748], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3748 [pid 3747] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3748 attached [pid 3748] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] ftruncate(3, 2097152) = 0 [pid 3748] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3748] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3748] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3748] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3748] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3748] mkdir("./file0", 0777) = 0 [pid 3748] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] close(3) = 0 [pid 3748] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... futex resumed>) = 1 [pid 3748] chdir("./file0") = 0 [pid 3748] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3748] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3747] <... futex resumed>) = 0 [pid 3748] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3747] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... openat resumed>) = 3 [pid 3748] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3748] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3747] <... futex resumed>) = 0 [pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3747] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3747] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3748] <... write resumed>) = 61 [pid 3748] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] <... clone resumed>, parent_tid=[3751], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3751 [pid 3747] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3751 attached ) = 0 [pid 3748] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3751] set_robust_list(0x7f697cdce9e0, 24 [pid 3747] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... set_robust_list resumed>) = 0 [pid 3751] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3751] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3751] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] <... futex resumed>) = 0 [pid 3747] exit_group(0) = ? [pid 3748] <... futex resumed>) = ? [pid 3748] +++ exited with 0 +++ [pid 3751] <... futex resumed>) = ? [pid 3751] +++ exited with 0 +++ [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./683", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./683/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./683/binderfs") = 0 umount2("./683/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./683/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./683/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./683/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./683/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./683") = 0 mkdir("./684", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3752 ./strace-static-x86_64: Process 3752 attached [pid 3752] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3752] chdir("./684") = 0 [pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3752] setpgid(0, 0) = 0 [pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3752] write(3, "1000", 4) = 4 [pid 3752] close(3) = 0 [pid 3752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3752] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3752] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3752] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3753], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3753 [pid 3752] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3753 attached [pid 3753] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3753] memfd_create("syzkaller", 0) = 3 [pid 3753] ftruncate(3, 2097152) = 0 [pid 3753] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3753] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3753] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3753] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3753] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3753] mkdir("./file0", 0777) = 0 [pid 3753] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3753] ioctl(4, LOOP_CLR_FD) = 0 [pid 3753] close(4) = 0 [pid 3753] close(3) = 0 [pid 3753] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] <... futex resumed>) = 0 [pid 3752] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3753] <... futex resumed>) = 1 [pid 3753] chdir("./file0") = 0 [pid 3753] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] <... futex resumed>) = 0 [pid 3752] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3753] <... futex resumed>) = 1 [pid 3753] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3753] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] <... futex resumed>) = 0 [pid 3752] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3752] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3752] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3756], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3756 [pid 3752] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3752] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3753] <... futex resumed>) = 1 [pid 3753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 3756 attached ) = 61 [pid 3753] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3756] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3756] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3752] <... futex resumed>) = 0 [pid 3752] exit_group(0) = ? [pid 3753] <... futex resumed>) = ? [pid 3756] <... futex resumed>) = ? [pid 3753] +++ exited with 0 +++ [pid 3756] +++ exited with 0 +++ [pid 3752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./684", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./684/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./684/binderfs") = 0 umount2("./684/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./684/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./684/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./684/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./684/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./684") = 0 mkdir("./685", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3757 ./strace-static-x86_64: Process 3757 attached [pid 3757] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3757] chdir("./685") = 0 [pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3757] setpgid(0, 0) = 0 [pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3757] write(3, "1000", 4) = 4 [pid 3757] close(3) = 0 [pid 3757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3757] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3757] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3757] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3758], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3758 [pid 3757] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3758 attached [pid 3758] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3758] memfd_create("syzkaller", 0) = 3 [pid 3758] ftruncate(3, 2097152) = 0 [pid 3758] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3758] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3758] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3758] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3758] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3758] mkdir("./file0", 0777) = 0 [pid 3758] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3758] ioctl(4, LOOP_CLR_FD) = 0 [pid 3758] close(4) = 0 [pid 3758] close(3) = 0 [pid 3758] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] chdir("./file0") = 0 [pid 3758] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3758] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3757] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3757] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3761], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3761 [pid 3757] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... futex resumed>) = 1 [pid 3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3758] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3758] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3761 attached [pid 3761] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3761] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3761] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... futex resumed>) = 0 [pid 3757] exit_group(0 [pid 3758] <... futex resumed>) = ? [pid 3761] <... futex resumed>) = ? [pid 3757] <... exit_group resumed>) = ? [pid 3761] +++ exited with 0 +++ [pid 3758] +++ exited with 0 +++ [pid 3757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./685", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./685/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./685/binderfs") = 0 umount2("./685/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./685/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./685/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./685/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./685/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./685") = 0 mkdir("./686", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3762 ./strace-static-x86_64: Process 3762 attached [pid 3762] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3762] chdir("./686") = 0 [pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3762] setpgid(0, 0) = 0 [pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3762] write(3, "1000", 4) = 4 [pid 3762] close(3) = 0 [pid 3762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3762] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3762] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3762] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3763], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3763 [pid 3762] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3763 attached [pid 3763] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3763] memfd_create("syzkaller", 0) = 3 [pid 3763] ftruncate(3, 2097152) = 0 [pid 3763] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3763] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3763] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3763] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3763] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3763] mkdir("./file0", 0777) = 0 [pid 3763] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3763] ioctl(4, LOOP_CLR_FD) = 0 [pid 3763] close(4) = 0 [pid 3763] close(3) = 0 [pid 3763] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3762] <... futex resumed>) = 0 [pid 3762] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3763] chdir("./file0") = 0 [pid 3763] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3762] <... futex resumed>) = 0 [pid 3763] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3762] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3763] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3762] <... futex resumed>) = 0 [pid 3762] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3763] <... openat resumed>) = 3 [pid 3763] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3762] <... futex resumed>) = 0 [pid 3762] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3762] <... futex resumed>) = 0 [pid 3762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3762] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3763] <... write resumed>) = 61 [pid 3762] <... mprotect resumed>) = 0 [pid 3762] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3763] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3763] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3762] <... clone resumed>, parent_tid=[3766], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3766 [pid 3762] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3766 attached [pid 3766] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3766] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3766] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3766] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3762] <... futex resumed>) = 0 [pid 3762] exit_group(0) = ? [pid 3763] <... futex resumed>) = ? [pid 3763] +++ exited with 0 +++ [pid 3766] <... futex resumed>) = ? [pid 3766] +++ exited with 0 +++ [pid 3762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./686", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./686/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./686/binderfs") = 0 umount2("./686/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./686/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./686/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./686/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./686/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./686") = 0 mkdir("./687", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3767 ./strace-static-x86_64: Process 3767 attached [pid 3767] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3767] chdir("./687") = 0 [pid 3767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3767] setpgid(0, 0) = 0 [pid 3767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3767] write(3, "1000", 4) = 4 [pid 3767] close(3) = 0 [pid 3767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3767] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3767] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3767] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3768], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3768 [pid 3767] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3768 attached [pid 3768] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3768] memfd_create("syzkaller", 0) = 3 [pid 3768] ftruncate(3, 2097152) = 0 [pid 3768] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3768] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3768] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3768] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3768] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3768] mkdir("./file0", 0777) = 0 [pid 3768] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3768] ioctl(4, LOOP_CLR_FD) = 0 [pid 3768] close(4) = 0 [pid 3768] close(3) = 0 [pid 3768] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3767] <... futex resumed>) = 0 [pid 3767] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3768] <... futex resumed>) = 1 [pid 3768] chdir("./file0") = 0 [pid 3768] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3767] <... futex resumed>) = 0 [pid 3767] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3768] <... futex resumed>) = 1 [pid 3768] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3768] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3767] <... futex resumed>) = 0 [pid 3767] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3767] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3767] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3771], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3771 [pid 3767] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3767] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3768] <... futex resumed>) = 1 [pid 3768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3768] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3771 attached [pid 3771] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3771] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3771] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3767] <... futex resumed>) = 0 [pid 3767] exit_group(0) = ? [pid 3768] <... futex resumed>) = ? [pid 3768] +++ exited with 0 +++ [pid 3771] <... futex resumed>) = ? [pid 3771] +++ exited with 0 +++ [pid 3767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3767, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./687", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./687/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./687/binderfs") = 0 umount2("./687/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./687/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./687/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./687/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./687/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./687") = 0 mkdir("./688", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3772 ./strace-static-x86_64: Process 3772 attached [pid 3772] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3772] chdir("./688") = 0 [pid 3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3772] setpgid(0, 0) = 0 [pid 3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3772] write(3, "1000", 4) = 4 [pid 3772] close(3) = 0 [pid 3772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3772] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3772] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3772] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3773], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3773 [pid 3772] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3773 attached [pid 3772] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3773] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3773] memfd_create("syzkaller", 0) = 3 [pid 3773] ftruncate(3, 2097152) = 0 [pid 3773] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3773] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3773] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3773] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3773] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3773] mkdir("./file0", 0777) = 0 [pid 3773] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3773] ioctl(4, LOOP_CLR_FD) = 0 [pid 3773] close(4) = 0 [pid 3773] close(3) = 0 [pid 3773] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3772] <... futex resumed>) = 0 [pid 3773] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3772] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3773] chdir("./file0" [pid 3772] <... futex resumed>) = 0 [pid 3772] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3773] <... chdir resumed>) = 0 [pid 3773] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3773] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3772] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3772] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3773] <... futex resumed>) = 0 [pid 3773] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3773] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3772] <... futex resumed>) = 0 [pid 3772] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3772] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3772] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3776 attached , parent_tid=[3776], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3776 [pid 3772] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3776] set_robust_list(0x7f697cdce9e0, 24 [pid 3773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3776] <... set_robust_list resumed>) = 0 [pid 3776] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3776] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3773] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3772] <... futex resumed>) = 0 [pid 3776] <... futex resumed>) = 1 [pid 3776] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3773] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3773] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3772] exit_group(0) = ? [pid 3773] <... futex resumed>) = ? [pid 3773] +++ exited with 0 +++ [pid 3776] <... futex resumed>) = ? [pid 3776] +++ exited with 0 +++ [pid 3772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./688", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./688/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./688/binderfs") = 0 umount2("./688/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./688/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./688/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./688/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./688/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./688") = 0 mkdir("./689", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3777 ./strace-static-x86_64: Process 3777 attached [pid 3777] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3777] chdir("./689") = 0 [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3777] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3777] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3778], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3778 [pid 3777] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3778 attached [pid 3778] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] ftruncate(3, 2097152) = 0 [pid 3778] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3778] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3778] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3778] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3778] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] mkdir("./file0", 0777) = 0 [pid 3778] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [pid 3778] close(4) = 0 [pid 3778] close(3) = 0 [pid 3778] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3778] <... futex resumed>) = 1 [pid 3777] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] chdir("./file0" [pid 3777] <... futex resumed>) = 0 [pid 3778] <... chdir resumed>) = 0 [pid 3777] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3778] <... futex resumed>) = 0 [pid 3777] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... openat resumed>) = 3 [pid 3778] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3778] <... futex resumed>) = 1 [pid 3777] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3778] <... write resumed>) = 61 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3778] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... mmap resumed>) = 0x7f697cdae000 [pid 3778] <... futex resumed>) = 0 [pid 3777] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3778] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] <... mprotect resumed>) = 0 [pid 3777] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3781], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3781 [pid 3777] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3781 attached [pid 3781] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3781] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3781] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] exit_group(0 [pid 3778] <... futex resumed>) = ? [pid 3777] <... exit_group resumed>) = ? [pid 3778] +++ exited with 0 +++ [pid 3781] <... futex resumed>) = ? [pid 3781] +++ exited with 0 +++ [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./689", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./689/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./689/binderfs") = 0 umount2("./689/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./689/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./689/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./689/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./689/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./689") = 0 mkdir("./690", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3782 ./strace-static-x86_64: Process 3782 attached [pid 3782] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3782] chdir("./690") = 0 [pid 3782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3782] setpgid(0, 0) = 0 [pid 3782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3782] write(3, "1000", 4) = 4 [pid 3782] close(3) = 0 [pid 3782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3782] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3782] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3782] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3783], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3783 [pid 3782] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3783 attached [pid 3783] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3783] memfd_create("syzkaller", 0) = 3 [pid 3783] ftruncate(3, 2097152) = 0 [pid 3783] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3783] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3783] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3783] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3783] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3783] mkdir("./file0", 0777) = 0 [pid 3783] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3783] ioctl(4, LOOP_CLR_FD) = 0 [pid 3783] close(4) = 0 [pid 3783] close(3) = 0 [pid 3783] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3782] <... futex resumed>) = 0 [pid 3782] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3783] <... futex resumed>) = 1 [pid 3783] chdir("./file0") = 0 [pid 3783] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3782] <... futex resumed>) = 0 [pid 3782] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3783] <... futex resumed>) = 1 [pid 3783] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3783] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3782] <... futex resumed>) = 0 [pid 3782] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3782] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3782] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3786], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3786 [pid 3782] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3782] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3783] <... futex resumed>) = 1 [pid 3783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3783] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3786 attached [pid 3786] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3786] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3786] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3782] <... futex resumed>) = 0 [pid 3782] exit_group(0 [pid 3783] <... futex resumed>) = ? [pid 3782] <... exit_group resumed>) = ? [pid 3783] +++ exited with 0 +++ [pid 3786] <... futex resumed>) = ? [pid 3786] +++ exited with 0 +++ [pid 3782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3782, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./690", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./690/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./690/binderfs") = 0 umount2("./690/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./690/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./690/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./690/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./690/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./690") = 0 mkdir("./691", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3787 ./strace-static-x86_64: Process 3787 attached [pid 3787] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3787] chdir("./691") = 0 [pid 3787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3787] setpgid(0, 0) = 0 [pid 3787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3787] write(3, "1000", 4) = 4 [pid 3787] close(3) = 0 [pid 3787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3787] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3787] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3787] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3788], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3788 [pid 3787] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3787] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3788 attached [pid 3788] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3788] memfd_create("syzkaller", 0) = 3 [pid 3788] ftruncate(3, 2097152) = 0 [pid 3788] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3788] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3788] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3788] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3788] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3788] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3788] mkdir("./file0", 0777) = 0 [pid 3788] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3788] ioctl(4, LOOP_CLR_FD) = 0 [pid 3788] close(4) = 0 [pid 3788] close(3) = 0 [pid 3788] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3787] <... futex resumed>) = 0 [pid 3788] chdir("./file0" [pid 3787] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3788] <... chdir resumed>) = 0 [pid 3787] <... futex resumed>) = 0 [pid 3788] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3788] <... futex resumed>) = 0 [pid 3787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3788] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3787] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3787] <... futex resumed>) = 0 [pid 3788] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3787] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3788] <... openat resumed>) = 3 [pid 3788] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3787] <... futex resumed>) = 0 [pid 3788] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3787] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3787] <... futex resumed>) = 0 [pid 3788] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3787] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3788] <... write resumed>) = 61 [pid 3787] <... futex resumed>) = 0 [pid 3788] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3788] <... futex resumed>) = 0 [pid 3787] <... mmap resumed>) = 0x7f697cdae000 [pid 3788] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3787] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3787] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3791 attached , parent_tid=[3791], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3791 [pid 3787] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3791] set_robust_list(0x7f697cdce9e0, 24 [pid 3787] <... futex resumed>) = 0 [pid 3787] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3791] <... set_robust_list resumed>) = 0 [pid 3791] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3791] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] <... futex resumed>) = 0 [pid 3787] exit_group(0) = ? [pid 3788] <... futex resumed>) = ? [pid 3788] +++ exited with 0 +++ [pid 3791] <... futex resumed>) = ? [pid 3791] +++ exited with 0 +++ [pid 3787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3787, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./691", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./691/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./691/binderfs") = 0 umount2("./691/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./691/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./691/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./691/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./691/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./691") = 0 mkdir("./692", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3792 ./strace-static-x86_64: Process 3792 attached [pid 3792] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3792] chdir("./692") = 0 [pid 3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3792] setpgid(0, 0) = 0 [pid 3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3792] write(3, "1000", 4) = 4 [pid 3792] close(3) = 0 [pid 3792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3792] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3792] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3792] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3793], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3793 [pid 3792] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3793 attached [pid 3793] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3793] memfd_create("syzkaller", 0) = 3 [pid 3793] ftruncate(3, 2097152) = 0 [pid 3793] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3793] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3793] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3793] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3793] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3793] mkdir("./file0", 0777) = 0 [pid 3793] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3793] ioctl(4, LOOP_CLR_FD) = 0 [pid 3793] close(4) = 0 [pid 3793] close(3) = 0 [pid 3793] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3792] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] chdir("./file0") = 0 [pid 3793] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3792] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3793] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3792] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3792] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3792] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3792] <... clone resumed>, parent_tid=[3796], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3796 [pid 3793] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... futex resumed>) = 0 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3792] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3796 attached [pid 3796] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3796] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3796] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] <... futex resumed>) = 0 [pid 3792] exit_group(0 [pid 3793] <... futex resumed>) = ? [pid 3792] <... exit_group resumed>) = ? [pid 3793] +++ exited with 0 +++ [pid 3796] <... futex resumed>) = ? [pid 3796] +++ exited with 0 +++ [pid 3792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./692", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./692/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./692/binderfs") = 0 umount2("./692/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./692/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./692/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./692/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./692/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./692") = 0 mkdir("./693", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3797 ./strace-static-x86_64: Process 3797 attached [pid 3797] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3797] chdir("./693") = 0 [pid 3797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3797] setpgid(0, 0) = 0 [pid 3797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3797] write(3, "1000", 4) = 4 [pid 3797] close(3) = 0 [pid 3797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3797] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3797] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3797] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3798 attached , parent_tid=[3798], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3798 [pid 3797] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3797] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3798] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3798] memfd_create("syzkaller", 0) = 3 [pid 3798] ftruncate(3, 2097152) = 0 [pid 3798] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3798] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3798] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3798] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3798] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3798] mkdir("./file0", 0777) = 0 [pid 3798] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3798] ioctl(4, LOOP_CLR_FD) = 0 [pid 3798] close(4) = 0 [pid 3798] close(3) = 0 [pid 3798] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3797] <... futex resumed>) = 0 [pid 3798] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3797] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3798] chdir("./file0" [pid 3797] <... futex resumed>) = 0 [pid 3798] <... chdir resumed>) = 0 [pid 3797] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3798] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3798] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3797] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3797] <... futex resumed>) = 0 [pid 3798] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3797] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3798] <... openat resumed>) = 3 [pid 3798] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3797] <... futex resumed>) = 0 [pid 3798] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3797] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3797] <... futex resumed>) = 0 [pid 3798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3797] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... write resumed>) = 61 [pid 3797] <... futex resumed>) = 0 [pid 3798] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3797] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3797] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3801 attached [pid 3801] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3801] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3797] <... clone resumed>, parent_tid=[3801], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3801 [pid 3797] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3801] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3797] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3801] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3801] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3797] <... futex resumed>) = 0 [pid 3797] exit_group(0 [pid 3798] <... futex resumed>) = ? [pid 3798] +++ exited with 0 +++ [pid 3797] <... exit_group resumed>) = ? [pid 3801] +++ exited with 0 +++ [pid 3797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3797, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./693", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./693/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./693/binderfs") = 0 umount2("./693/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./693/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./693/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./693/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./693/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./693") = 0 mkdir("./694", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3802 ./strace-static-x86_64: Process 3802 attached [pid 3802] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3802] chdir("./694") = 0 [pid 3802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3802] setpgid(0, 0) = 0 [pid 3802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3802] write(3, "1000", 4) = 4 [pid 3802] close(3) = 0 [pid 3802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3802] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3802] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3802] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3803], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3803 [pid 3802] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3802] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3803 attached [pid 3803] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3803] memfd_create("syzkaller", 0) = 3 [pid 3803] ftruncate(3, 2097152) = 0 [pid 3803] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3803] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3803] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3803] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3803] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3803] mkdir("./file0", 0777) = 0 [pid 3803] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3803] ioctl(4, LOOP_CLR_FD) = 0 [pid 3803] close(4) = 0 [pid 3803] close(3) = 0 [pid 3803] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3803] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3802] <... futex resumed>) = 0 [pid 3802] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3802] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3803] <... futex resumed>) = 0 [pid 3803] chdir("./file0") = 0 [pid 3803] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = 0 [pid 3803] <... futex resumed>) = 1 [pid 3803] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3802] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3802] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3803] <... openat resumed>) = 3 [pid 3803] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3802] <... futex resumed>) = 0 [pid 3802] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3802] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3803] <... write resumed>) = 61 [pid 3802] <... futex resumed>) = 0 [pid 3802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3803] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3802] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3806 attached , parent_tid=[3806], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3806 [pid 3806] set_robust_list(0x7f697cdce9e0, 24 [pid 3802] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3806] <... set_robust_list resumed>) = 0 [pid 3802] <... futex resumed>) = 0 [pid 3806] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3802] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3803] <... futex resumed>) = 0 [pid 3803] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3806] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3806] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3802] <... futex resumed>) = 0 [pid 3806] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3802] exit_group(0) = ? [pid 3806] <... futex resumed>) = ? [pid 3806] +++ exited with 0 +++ [pid 3803] <... futex resumed>) = ? [pid 3803] +++ exited with 0 +++ [pid 3802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3802, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./694", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./694/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./694/binderfs") = 0 umount2("./694/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./694/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./694/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./694/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./694/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./694") = 0 mkdir("./695", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3807 ./strace-static-x86_64: Process 3807 attached [pid 3807] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3807] chdir("./695") = 0 [pid 3807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3807] setpgid(0, 0) = 0 [pid 3807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3807] write(3, "1000", 4) = 4 [pid 3807] close(3) = 0 [pid 3807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3807] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3807] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3807] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3808], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3808 [pid 3807] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3808 attached [pid 3808] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3808] memfd_create("syzkaller", 0) = 3 [pid 3808] ftruncate(3, 2097152) = 0 [pid 3808] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3808] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3808] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3808] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3808] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3808] mkdir("./file0", 0777) = 0 [pid 3808] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3808] ioctl(4, LOOP_CLR_FD) = 0 [pid 3808] close(4) = 0 [pid 3808] close(3) = 0 [pid 3808] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... futex resumed>) = 1 [pid 3808] chdir("./file0") = 0 [pid 3808] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... futex resumed>) = 1 [pid 3808] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3808] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3807] <... futex resumed>) = 0 [pid 3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3807] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3808] <... write resumed>) = 61 [pid 3807] <... futex resumed>) = 0 [pid 3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3808] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... mmap resumed>) = 0x7f697cdae000 [pid 3808] <... futex resumed>) = 0 [pid 3807] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3808] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] <... mprotect resumed>) = 0 [pid 3807] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3811], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3811 [pid 3807] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3811 attached [pid 3811] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3811] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3811] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3811] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] <... futex resumed>) = 0 [pid 3807] exit_group(0) = ? [pid 3811] <... futex resumed>) = ? [pid 3808] <... futex resumed>) = ? [pid 3808] +++ exited with 0 +++ [pid 3811] +++ exited with 0 +++ [pid 3807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3807, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./695", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./695/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./695/binderfs") = 0 umount2("./695/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./695/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./695/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./695/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./695/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./695") = 0 mkdir("./696", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3812 ./strace-static-x86_64: Process 3812 attached [pid 3812] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3812] chdir("./696") = 0 [pid 3812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3812] setpgid(0, 0) = 0 [pid 3812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3812] write(3, "1000", 4) = 4 [pid 3812] close(3) = 0 [pid 3812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3812] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3812] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3812] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3813], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3813 [pid 3812] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3812] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3813 attached [pid 3813] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3813] memfd_create("syzkaller", 0) = 3 [pid 3813] ftruncate(3, 2097152) = 0 [pid 3813] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3813] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3813] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3813] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3813] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3813] mkdir("./file0", 0777) = 0 [pid 3813] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3813] ioctl(4, LOOP_CLR_FD) = 0 [pid 3813] close(4) = 0 [pid 3813] close(3) = 0 [pid 3813] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... futex resumed>) = 0 [pid 3813] <... futex resumed>) = 1 [pid 3812] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3813] chdir("./file0" [pid 3812] <... futex resumed>) = 0 [pid 3812] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3813] <... chdir resumed>) = 0 [pid 3813] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... futex resumed>) = 0 [pid 3813] <... futex resumed>) = 1 [pid 3812] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3813] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3812] <... futex resumed>) = 0 [pid 3812] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3813] <... openat resumed>) = 3 [pid 3813] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... futex resumed>) = 0 [pid 3812] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3812] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3812] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3812] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3816], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3816 [pid 3812] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3812] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3813] <... futex resumed>) = 1 [pid 3813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3813] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3816 attached [pid 3816] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3816] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3816] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3812] <... futex resumed>) = 0 [pid 3812] exit_group(0) = ? [pid 3813] <... futex resumed>) = ? [pid 3813] +++ exited with 0 +++ [pid 3816] <... futex resumed>) = ? [pid 3816] +++ exited with 0 +++ [pid 3812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3812, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./696", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./696/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./696/binderfs") = 0 umount2("./696/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./696/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./696/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./696/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./696/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./696") = 0 mkdir("./697", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3817 ./strace-static-x86_64: Process 3817 attached [pid 3817] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3817] chdir("./697") = 0 [pid 3817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3817] setpgid(0, 0) = 0 [pid 3817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3817] write(3, "1000", 4) = 4 [pid 3817] close(3) = 0 [pid 3817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3817] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3817] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3817] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3818], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3818 [pid 3817] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3818 attached [pid 3818] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3818] memfd_create("syzkaller", 0) = 3 [pid 3818] ftruncate(3, 2097152) = 0 [pid 3818] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3818] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3818] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3818] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3818] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3818] mkdir("./file0", 0777) = 0 [pid 3818] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3818] ioctl(4, LOOP_CLR_FD) = 0 [pid 3818] close(4) = 0 [pid 3818] close(3) = 0 [pid 3818] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] <... futex resumed>) = 0 [pid 3817] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... futex resumed>) = 1 [pid 3818] chdir("./file0") = 0 [pid 3818] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3817] <... futex resumed>) = 0 [pid 3817] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... futex resumed>) = 1 [pid 3818] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3818] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3817] <... futex resumed>) = 0 [pid 3817] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3817] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3817] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3821], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3821 [pid 3817] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3818] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3818] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3821 attached [pid 3821] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3821] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3821] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3821] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3817] <... futex resumed>) = 0 [pid 3817] exit_group(0) = ? [pid 3818] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 3821] <... futex resumed>) = ? [pid 3818] +++ exited with 0 +++ [pid 3821] +++ exited with 0 +++ [pid 3817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3817, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./697", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./697/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./697/binderfs") = 0 umount2("./697/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./697/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./697/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./697/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./697/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./697") = 0 mkdir("./698", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3822 ./strace-static-x86_64: Process 3822 attached [pid 3822] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3822] chdir("./698") = 0 [pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3822] setpgid(0, 0) = 0 [pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3822] write(3, "1000", 4) = 4 [pid 3822] close(3) = 0 [pid 3822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3822] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3822] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3822] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3823], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3823 [pid 3822] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3823 attached [pid 3823] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3823] memfd_create("syzkaller", 0) = 3 [pid 3823] ftruncate(3, 2097152) = 0 [pid 3823] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3823] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3823] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3823] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3823] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3823] mkdir("./file0", 0777) = 0 [pid 3823] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3823] ioctl(4, LOOP_CLR_FD) = 0 [pid 3823] close(4) = 0 [pid 3823] close(3) = 0 [pid 3823] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] chdir("./file0") = 0 [pid 3823] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3822] <... futex resumed>) = 0 [pid 3823] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3822] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... openat resumed>) = 3 [pid 3823] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3822] <... futex resumed>) = 0 [pid 3823] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3822] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3822] <... futex resumed>) = 0 [pid 3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3822] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] <... write resumed>) = 61 [pid 3822] <... futex resumed>) = 0 [pid 3823] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3823] <... futex resumed>) = 0 [pid 3822] <... mmap resumed>) = 0x7f697cdae000 [pid 3823] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3822] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3822] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3826], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3826 [pid 3822] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3826 attached [pid 3826] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3826] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3826] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] exit_group(0 [pid 3823] <... futex resumed>) = ? [pid 3822] <... exit_group resumed>) = ? [pid 3823] +++ exited with 0 +++ [pid 3826] <... futex resumed>) = ? [pid 3826] +++ exited with 0 +++ [pid 3822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./698", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./698/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./698/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./698/binderfs") = 0 umount2("./698/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./698/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./698/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./698/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./698/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./698") = 0 mkdir("./699", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3827 ./strace-static-x86_64: Process 3827 attached [pid 3827] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3827] chdir("./699") = 0 [pid 3827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3827] setpgid(0, 0) = 0 [pid 3827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3827] write(3, "1000", 4) = 4 [pid 3827] close(3) = 0 [pid 3827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3827] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3827] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3827] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3828], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3828 [pid 3827] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3828 attached [pid 3828] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3828] memfd_create("syzkaller", 0) = 3 [pid 3828] ftruncate(3, 2097152) = 0 [pid 3828] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3828] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3828] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3828] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3828] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3828] mkdir("./file0", 0777) = 0 [pid 3828] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3828] ioctl(4, LOOP_CLR_FD) = 0 [pid 3828] close(4) = 0 [pid 3828] close(3) = 0 [pid 3828] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... futex resumed>) = 0 [pid 3827] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3828] <... futex resumed>) = 1 [pid 3828] chdir("./file0") = 0 [pid 3828] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... futex resumed>) = 0 [pid 3827] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3828] <... futex resumed>) = 1 [pid 3828] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3828] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3827] <... futex resumed>) = 0 [pid 3827] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3827] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3827] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3831], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3831 [pid 3827] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3827] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3828] <... futex resumed>) = 1 [pid 3828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 3831 attached ) = 61 [pid 3831] set_robust_list(0x7f697cdce9e0, 24 [pid 3828] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3831] <... set_robust_list resumed>) = 0 [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3831] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3831] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3827] <... futex resumed>) = 0 [pid 3831] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3827] exit_group(0) = ? [pid 3828] <... futex resumed>) = ? [pid 3828] +++ exited with 0 +++ [pid 3831] <... futex resumed>) = ? [pid 3831] +++ exited with 0 +++ [pid 3827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3827, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./699", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./699/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./699/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./699/binderfs") = 0 umount2("./699/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./699/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./699/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./699/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./699/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./699") = 0 mkdir("./700", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3832 ./strace-static-x86_64: Process 3832 attached [pid 3832] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3832] chdir("./700") = 0 [pid 3832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3832] setpgid(0, 0) = 0 [pid 3832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3832] write(3, "1000", 4) = 4 [pid 3832] close(3) = 0 [pid 3832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3832] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3832] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3832] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3833], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3833 [pid 3832] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3833 attached [pid 3833] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3833] memfd_create("syzkaller", 0) = 3 [pid 3833] ftruncate(3, 2097152) = 0 [pid 3833] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3833] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3833] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3833] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3833] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3833] mkdir("./file0", 0777) = 0 [pid 3833] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3833] ioctl(4, LOOP_CLR_FD) = 0 [pid 3833] close(4) = 0 [pid 3833] close(3) = 0 [pid 3833] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3832] <... futex resumed>) = 0 [pid 3832] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3833] <... futex resumed>) = 1 [pid 3833] chdir("./file0") = 0 [pid 3833] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3832] <... futex resumed>) = 0 [pid 3832] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3833] <... futex resumed>) = 1 [pid 3833] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3833] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3832] <... futex resumed>) = 0 [pid 3832] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3832] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3832] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3836], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3836 [pid 3832] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3833] <... futex resumed>) = 1 [pid 3833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3833] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3833] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3836 attached [pid 3836] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3836] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3836] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3832] <... futex resumed>) = 0 [pid 3832] exit_group(0 [pid 3833] <... futex resumed>) = ? [pid 3832] <... exit_group resumed>) = ? [pid 3833] +++ exited with 0 +++ [pid 3836] +++ exited with 0 +++ [pid 3832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3832, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./700", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./700/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./700/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./700/binderfs") = 0 umount2("./700/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./700/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./700/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./700/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./700/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./700") = 0 mkdir("./701", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3837 ./strace-static-x86_64: Process 3837 attached [pid 3837] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3837] chdir("./701") = 0 [pid 3837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3837] setpgid(0, 0) = 0 [pid 3837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3837] write(3, "1000", 4) = 4 [pid 3837] close(3) = 0 [pid 3837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3837] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3837] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3837] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3838], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3838 [pid 3837] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3838 attached [pid 3838] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3838] memfd_create("syzkaller", 0) = 3 [pid 3838] ftruncate(3, 2097152) = 0 [pid 3838] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3838] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3838] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3838] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3838] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3838] mkdir("./file0", 0777) = 0 [pid 3838] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3838] ioctl(4, LOOP_CLR_FD) = 0 [pid 3838] close(4) = 0 [pid 3838] close(3) = 0 [pid 3838] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = 0 [pid 3837] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] <... futex resumed>) = 1 [pid 3838] chdir("./file0") = 0 [pid 3838] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = 0 [pid 3837] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] <... futex resumed>) = 1 [pid 3838] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3838] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = 0 [pid 3837] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3837] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3837] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3841], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3841 [pid 3837] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] <... futex resumed>) = 1 [pid 3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3838] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3838] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3841 attached [pid 3841] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3841] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3841] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3837] <... futex resumed>) = 0 [pid 3837] exit_group(0) = ? [pid 3841] <... futex resumed>) = ? [pid 3838] <... futex resumed>) = ? [pid 3838] +++ exited with 0 +++ [pid 3841] +++ exited with 0 +++ [pid 3837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3837, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./701", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./701/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./701/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./701/binderfs") = 0 umount2("./701/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./701/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./701/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./701/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./701/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./701") = 0 mkdir("./702", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3842 ./strace-static-x86_64: Process 3842 attached [pid 3842] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3842] chdir("./702") = 0 [pid 3842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3842] setpgid(0, 0) = 0 [pid 3842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3842] write(3, "1000", 4) = 4 [pid 3842] close(3) = 0 [pid 3842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3842] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3842] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3842] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3843], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3843 [pid 3842] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3843 attached [pid 3843] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3843] memfd_create("syzkaller", 0) = 3 [pid 3843] ftruncate(3, 2097152) = 0 [pid 3843] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3843] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3843] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3843] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3843] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3843] mkdir("./file0", 0777) = 0 [pid 3843] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3843] ioctl(4, LOOP_CLR_FD) = 0 [pid 3843] close(4) = 0 [pid 3843] close(3) = 0 [pid 3843] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3842] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... futex resumed>) = 1 [pid 3843] chdir("./file0") = 0 [pid 3843] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3842] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... futex resumed>) = 1 [pid 3843] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3843] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3842] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3842] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3842] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3846], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3846 [pid 3842] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3842] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3843] <... futex resumed>) = 1 [pid 3843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3843] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3846 attached [pid 3846] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3846] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3846] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3842] <... futex resumed>) = 0 [pid 3842] exit_group(0 [pid 3843] <... futex resumed>) = ? [pid 3842] <... exit_group resumed>) = ? [pid 3843] +++ exited with 0 +++ [pid 3846] <... futex resumed>) = ? [pid 3846] +++ exited with 0 +++ [pid 3842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3842, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./702", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./702/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./702/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./702/binderfs") = 0 umount2("./702/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./702/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./702/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./702/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./702/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./702") = 0 mkdir("./703", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3847 ./strace-static-x86_64: Process 3847 attached [pid 3847] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3847] chdir("./703") = 0 [pid 3847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3847] setpgid(0, 0) = 0 [pid 3847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3847] write(3, "1000", 4) = 4 [pid 3847] close(3) = 0 [pid 3847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3847] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3847] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3847] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3848], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3848 [pid 3847] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3847] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3848 attached [pid 3848] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3848] memfd_create("syzkaller", 0) = 3 [pid 3848] ftruncate(3, 2097152) = 0 [pid 3848] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3848] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3848] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3848] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3848] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3848] mkdir("./file0", 0777) = 0 [pid 3848] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3848] ioctl(4, LOOP_CLR_FD) = 0 [pid 3848] close(4) = 0 [pid 3848] close(3) = 0 [pid 3848] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3847] <... futex resumed>) = 0 [pid 3847] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3847] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3848] chdir("./file0") = 0 [pid 3848] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3847] <... futex resumed>) = 0 [pid 3847] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3847] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3848] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3848] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3847] <... futex resumed>) = 0 [pid 3847] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3847] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3847] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3847] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3851], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3851 [pid 3847] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3847] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3848] <... write resumed>) = 61 [pid 3848] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3848] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3851 attached [pid 3851] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3851] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3851] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3847] <... futex resumed>) = 0 [pid 3847] exit_group(0 [pid 3848] <... futex resumed>) = ? [pid 3847] <... exit_group resumed>) = ? [pid 3848] +++ exited with 0 +++ [pid 3851] <... futex resumed>) = ? [pid 3851] +++ exited with 0 +++ [pid 3847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3847, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./703", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./703/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./703/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./703/binderfs") = 0 umount2("./703/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./703/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./703/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./703/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./703/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./703") = 0 mkdir("./704", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3852 ./strace-static-x86_64: Process 3852 attached [pid 3852] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3852] chdir("./704") = 0 [pid 3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3852] setpgid(0, 0) = 0 [pid 3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3852] write(3, "1000", 4) = 4 [pid 3852] close(3) = 0 [pid 3852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3852] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3852] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3852] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3853], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3853 [pid 3852] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3853 attached [pid 3853] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3853] memfd_create("syzkaller", 0) = 3 [pid 3853] ftruncate(3, 2097152) = 0 [pid 3853] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3853] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3853] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3853] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3853] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3853] mkdir("./file0", 0777) = 0 [pid 3853] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3853] ioctl(4, LOOP_CLR_FD) = 0 [pid 3853] close(4) = 0 [pid 3853] close(3) = 0 [pid 3853] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] chdir("./file0" [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... chdir resumed>) = 0 [pid 3853] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3853] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] <... futex resumed>) = 0 [pid 3852] <... futex resumed>) = 1 [pid 3853] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3852] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... openat resumed>) = 3 [pid 3853] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3852] <... futex resumed>) = 0 [pid 3853] <... write resumed>) = 61 [pid 3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3853] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... mmap resumed>) = 0x7f697cdae000 [pid 3853] <... futex resumed>) = 0 [pid 3852] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3853] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] <... mprotect resumed>) = 0 [pid 3852] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3856], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3856 [pid 3852] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3856 attached [pid 3856] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3856] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3856] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... futex resumed>) = 0 [pid 3852] exit_group(0 [pid 3853] <... futex resumed>) = ? [pid 3852] <... exit_group resumed>) = ? [pid 3853] +++ exited with 0 +++ [pid 3856] <... futex resumed>) = ? [pid 3856] +++ exited with 0 +++ [pid 3852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./704", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./704", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./704/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./704/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./704/binderfs") = 0 umount2("./704/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./704/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./704/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./704/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./704/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./704/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./704") = 0 mkdir("./705", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3857 ./strace-static-x86_64: Process 3857 attached [pid 3857] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3857] chdir("./705") = 0 [pid 3857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3857] setpgid(0, 0) = 0 [pid 3857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3857] write(3, "1000", 4) = 4 [pid 3857] close(3) = 0 [pid 3857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3857] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3857] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3857] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3858], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3858 [pid 3857] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3857] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3858 attached [pid 3858] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3858] memfd_create("syzkaller", 0) = 3 [pid 3858] ftruncate(3, 2097152) = 0 [pid 3858] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3858] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3858] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3858] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3858] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3858] mkdir("./file0", 0777) = 0 [pid 3858] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3858] ioctl(4, LOOP_CLR_FD) = 0 [pid 3858] close(4) = 0 [pid 3858] close(3) = 0 [pid 3858] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3857] <... futex resumed>) = 0 [pid 3858] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3857] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3857] <... futex resumed>) = 0 [pid 3858] chdir("./file0" [pid 3857] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3858] <... chdir resumed>) = 0 [pid 3858] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3857] <... futex resumed>) = 0 [pid 3858] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3857] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3857] <... futex resumed>) = 0 [pid 3858] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3857] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3858] <... openat resumed>) = 3 [pid 3858] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3857] <... futex resumed>) = 0 [pid 3858] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3857] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3857] <... futex resumed>) = 0 [pid 3858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3857] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... write resumed>) = 61 [pid 3857] <... futex resumed>) = 0 [pid 3858] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3858] <... futex resumed>) = 0 [pid 3857] <... mmap resumed>) = 0x7f697cdae000 [pid 3858] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3857] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3857] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3861], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3861 [pid 3857] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3857] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3861 attached [pid 3861] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3861] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3861] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3857] <... futex resumed>) = 0 [pid 3857] exit_group(0) = ? [pid 3858] <... futex resumed>) = ? [pid 3858] +++ exited with 0 +++ [pid 3861] <... futex resumed>) = ? [pid 3861] +++ exited with 0 +++ [pid 3857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3857, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./705", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./705/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./705/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./705/binderfs") = 0 umount2("./705/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./705/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./705/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./705/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./705/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./705") = 0 mkdir("./706", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3862 ./strace-static-x86_64: Process 3862 attached [pid 3862] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3862] chdir("./706") = 0 [pid 3862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3862] setpgid(0, 0) = 0 [pid 3862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3862] write(3, "1000", 4) = 4 [pid 3862] close(3) = 0 [pid 3862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3862] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3862] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3862] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3863 attached , parent_tid=[3863], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3863 [pid 3863] set_robust_list(0x7f697cdef9e0, 24 [pid 3862] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3863] <... set_robust_list resumed>) = 0 [pid 3863] memfd_create("syzkaller", 0) = 3 [pid 3863] ftruncate(3, 2097152) = 0 [pid 3863] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3863] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3863] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3863] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3863] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3863] mkdir("./file0", 0777) = 0 [pid 3863] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3863] ioctl(4, LOOP_CLR_FD) = 0 [pid 3863] close(4) = 0 [pid 3863] close(3) = 0 [pid 3863] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3862] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3863] <... futex resumed>) = 1 [pid 3863] chdir("./file0") = 0 [pid 3863] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3862] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3863] <... futex resumed>) = 1 [pid 3863] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3863] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3862] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3862] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3862] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3866], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3866 [pid 3862] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3863] <... futex resumed>) = 1 [pid 3863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3863] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3863] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3866 attached [pid 3866] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3866] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3866] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3862] <... futex resumed>) = 0 [pid 3862] exit_group(0 [pid 3863] <... futex resumed>) = ? [pid 3862] <... exit_group resumed>) = ? [pid 3863] +++ exited with 0 +++ [pid 3866] <... futex resumed>) = ? [pid 3866] +++ exited with 0 +++ [pid 3862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3862, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./706", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./706", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./706/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./706/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./706/binderfs") = 0 umount2("./706/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./706/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./706/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./706/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./706/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./706/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./706") = 0 mkdir("./707", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3867 ./strace-static-x86_64: Process 3867 attached [pid 3867] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3867] chdir("./707") = 0 [pid 3867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3867] setpgid(0, 0) = 0 [pid 3867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3867] write(3, "1000", 4) = 4 [pid 3867] close(3) = 0 [pid 3867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3867] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3867] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3867] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3868], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3868 [pid 3867] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3868 attached [pid 3868] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3868] memfd_create("syzkaller", 0) = 3 [pid 3868] ftruncate(3, 2097152) = 0 [pid 3868] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3868] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3868] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3868] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3868] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3868] mkdir("./file0", 0777) = 0 [pid 3868] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3868] ioctl(4, LOOP_CLR_FD) = 0 [pid 3868] close(4) = 0 [pid 3868] close(3) = 0 [pid 3868] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... futex resumed>) = 1 [pid 3868] chdir("./file0") = 0 [pid 3868] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... futex resumed>) = 1 [pid 3868] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3868] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3867] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3867] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3871], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3871 [pid 3867] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... futex resumed>) = 1 [pid 3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3868] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3868] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3871 attached [pid 3871] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3871] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3871] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3867] <... futex resumed>) = 0 [pid 3867] exit_group(0 [pid 3868] <... futex resumed>) = ? [pid 3867] <... exit_group resumed>) = ? [pid 3868] +++ exited with 0 +++ [pid 3871] <... futex resumed>) = ? [pid 3871] +++ exited with 0 +++ [pid 3867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3867, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./707", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./707/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./707/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./707/binderfs") = 0 umount2("./707/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./707/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./707/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./707/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./707/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./707") = 0 mkdir("./708", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3872 ./strace-static-x86_64: Process 3872 attached [pid 3872] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3872] chdir("./708") = 0 [pid 3872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3872] setpgid(0, 0) = 0 [pid 3872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3872] write(3, "1000", 4) = 4 [pid 3872] close(3) = 0 [pid 3872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3872] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3872] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3872] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3873], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3873 [pid 3872] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3872] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3873 attached [pid 3873] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3873] memfd_create("syzkaller", 0) = 3 [pid 3873] ftruncate(3, 2097152) = 0 [pid 3873] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3873] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3873] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3873] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3873] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3873] mkdir("./file0", 0777) = 0 [pid 3873] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3873] ioctl(4, LOOP_CLR_FD) = 0 [pid 3873] close(4) = 0 [pid 3873] close(3) = 0 [pid 3873] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3872] <... futex resumed>) = 0 [pid 3872] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3872] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3873] chdir("./file0") = 0 [pid 3873] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3872] <... futex resumed>) = 0 [pid 3872] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3872] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3873] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3873] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3872] <... futex resumed>) = 0 [pid 3873] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3872] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3872] <... futex resumed>) = 0 [pid 3873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3872] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... write resumed>) = 61 [pid 3872] <... futex resumed>) = 0 [pid 3873] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3873] <... futex resumed>) = 0 [pid 3872] <... mmap resumed>) = 0x7f697cdae000 [pid 3873] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3872] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3872] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3876], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3876 [pid 3872] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3872] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3876 attached [pid 3876] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3876] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3876] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3872] <... futex resumed>) = 0 [pid 3872] exit_group(0 [pid 3873] <... futex resumed>) = ? [pid 3872] <... exit_group resumed>) = ? [pid 3873] +++ exited with 0 +++ [pid 3876] <... futex resumed>) = ? [pid 3876] +++ exited with 0 +++ [pid 3872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./708", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./708/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./708/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./708/binderfs") = 0 umount2("./708/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./708/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./708/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./708/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./708/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./708") = 0 mkdir("./709", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3877 ./strace-static-x86_64: Process 3877 attached [pid 3877] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3877] chdir("./709") = 0 [pid 3877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3877] setpgid(0, 0) = 0 [pid 3877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3877] write(3, "1000", 4) = 4 [pid 3877] close(3) = 0 [pid 3877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3877] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3877] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3877] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3878], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3878 [pid 3877] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3878 attached [pid 3878] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3878] memfd_create("syzkaller", 0) = 3 [pid 3878] ftruncate(3, 2097152) = 0 [pid 3878] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3878] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3878] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3878] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3878] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3878] mkdir("./file0", 0777) = 0 [pid 3878] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3878] ioctl(4, LOOP_CLR_FD) = 0 [pid 3878] close(4) = 0 [pid 3878] close(3) = 0 [pid 3878] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3877] <... futex resumed>) = 0 [pid 3877] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... futex resumed>) = 1 [pid 3878] chdir("./file0") = 0 [pid 3878] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3877] <... futex resumed>) = 0 [pid 3877] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... futex resumed>) = 1 [pid 3878] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3878] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3877] <... futex resumed>) = 0 [pid 3877] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3877] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3877] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3881], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3881 [pid 3877] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3877] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... futex resumed>) = 1 [pid 3878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3878] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3878] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3881 attached [pid 3881] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3881] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3881] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3877] <... futex resumed>) = 0 [pid 3877] exit_group(0 [pid 3878] <... futex resumed>) = ? [pid 3877] <... exit_group resumed>) = ? [pid 3878] +++ exited with 0 +++ [pid 3881] +++ exited with 0 +++ [pid 3877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./709", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./709/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./709/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./709/binderfs") = 0 umount2("./709/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./709/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./709/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./709/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./709/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./709") = 0 mkdir("./710", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3882 ./strace-static-x86_64: Process 3882 attached [pid 3882] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3882] chdir("./710") = 0 [pid 3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3882] setpgid(0, 0) = 0 [pid 3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3882] write(3, "1000", 4) = 4 [pid 3882] close(3) = 0 [pid 3882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3882] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3882] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3882] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3883], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3883 [pid 3882] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3883 attached [pid 3883] set_robust_list(0x7f697cdef9e0, 24 [pid 3882] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3883] <... set_robust_list resumed>) = 0 [pid 3883] memfd_create("syzkaller", 0) = 3 [pid 3883] ftruncate(3, 2097152) = 0 [pid 3883] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3883] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3883] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3883] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3883] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3883] mkdir("./file0", 0777) = 0 [pid 3883] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3883] ioctl(4, LOOP_CLR_FD) = 0 [pid 3883] close(4) = 0 [pid 3883] close(3) = 0 [pid 3883] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3883] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... futex resumed>) = 0 [pid 3882] <... futex resumed>) = 1 [pid 3883] chdir("./file0" [pid 3882] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... chdir resumed>) = 0 [pid 3883] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3882] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... openat resumed>) = 3 [pid 3883] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3882] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... write resumed>) = 61 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3882] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3883] <... futex resumed>) = 0 [pid 3882] <... futex resumed>) = 0 [pid 3883] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3882] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3882] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3886], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3886 [pid 3882] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3886 attached ) = 0 [pid 3886] set_robust_list(0x7f697cdce9e0, 24 [pid 3882] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] <... set_robust_list resumed>) = 0 [pid 3886] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3886] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3886] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] exit_group(0) = ? [pid 3883] <... futex resumed>) = ? [pid 3883] +++ exited with 0 +++ [pid 3886] <... futex resumed>) = ? [pid 3886] +++ exited with 0 +++ [pid 3882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./710", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./710/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./710/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./710/binderfs") = 0 umount2("./710/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./710/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./710/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./710/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./710/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./710") = 0 mkdir("./711", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3887 ./strace-static-x86_64: Process 3887 attached [pid 3887] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3887] chdir("./711") = 0 [pid 3887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3887] setpgid(0, 0) = 0 [pid 3887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3887] write(3, "1000", 4) = 4 [pid 3887] close(3) = 0 [pid 3887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3887] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3887] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3887] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3888], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3888 [pid 3887] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3888 attached [pid 3888] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3888] memfd_create("syzkaller", 0) = 3 [pid 3888] ftruncate(3, 2097152) = 0 [pid 3888] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3888] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3888] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3888] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3888] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3888] mkdir("./file0", 0777) = 0 [pid 3888] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3888] ioctl(4, LOOP_CLR_FD) = 0 [pid 3888] close(4) = 0 [pid 3888] close(3) = 0 [pid 3888] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3887] <... futex resumed>) = 0 [pid 3887] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3888] <... futex resumed>) = 1 [pid 3888] chdir("./file0") = 0 [pid 3888] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3887] <... futex resumed>) = 0 [pid 3887] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3888] <... futex resumed>) = 1 [pid 3888] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3888] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3887] <... futex resumed>) = 0 [pid 3887] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3887] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3887] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3891], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3891 [pid 3887] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3888] <... futex resumed>) = 1 [pid 3888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3888] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3891 attached [pid 3891] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3891] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3891] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3887] <... futex resumed>) = 0 [pid 3887] exit_group(0 [pid 3888] <... futex resumed>) = ? [pid 3887] <... exit_group resumed>) = ? [pid 3888] +++ exited with 0 +++ [pid 3891] <... futex resumed>) = ? [pid 3891] +++ exited with 0 +++ [pid 3887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3887, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./711", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./711/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./711/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./711/binderfs") = 0 umount2("./711/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./711/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./711/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./711/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./711/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./711") = 0 mkdir("./712", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3892 ./strace-static-x86_64: Process 3892 attached [pid 3892] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3892] chdir("./712") = 0 [pid 3892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3892] setpgid(0, 0) = 0 [pid 3892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3892] write(3, "1000", 4) = 4 [pid 3892] close(3) = 0 [pid 3892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3892] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3892] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3892] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3893 attached , parent_tid=[3893], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3893 [pid 3892] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3893] set_robust_list(0x7f697cdef9e0, 24 [pid 3892] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3893] <... set_robust_list resumed>) = 0 [pid 3893] memfd_create("syzkaller", 0) = 3 [pid 3893] ftruncate(3, 2097152) = 0 [pid 3893] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3893] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3893] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3893] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3893] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3893] mkdir("./file0", 0777) = 0 [pid 3893] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3893] ioctl(4, LOOP_CLR_FD) = 0 [pid 3893] close(4) = 0 [pid 3893] close(3) = 0 [pid 3893] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3892] <... futex resumed>) = 0 [pid 3893] chdir("./file0" [pid 3892] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3893] <... chdir resumed>) = 0 [pid 3892] <... futex resumed>) = 0 [pid 3893] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3893] <... futex resumed>) = 0 [pid 3892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3893] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3892] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3893] <... openat resumed>) = 3 [pid 3892] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3893] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3892] <... futex resumed>) = 0 [pid 3893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3892] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3893] <... write resumed>) = 61 [pid 3892] <... futex resumed>) = 0 [pid 3893] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3893] <... futex resumed>) = 0 [pid 3892] <... futex resumed>) = 0 [pid 3893] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3892] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3892] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3896], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3896 [pid 3892] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3892] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3896 attached [pid 3896] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3896] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3896] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3892] <... futex resumed>) = 0 [pid 3892] exit_group(0 [pid 3893] <... futex resumed>) = ? [pid 3892] <... exit_group resumed>) = ? [pid 3893] +++ exited with 0 +++ [pid 3896] +++ exited with 0 +++ [pid 3892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3892, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./712", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./712/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./712/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./712/binderfs") = 0 umount2("./712/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./712/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./712/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./712/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./712/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./712") = 0 mkdir("./713", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3897 ./strace-static-x86_64: Process 3897 attached [pid 3897] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3897] chdir("./713") = 0 [pid 3897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3897] setpgid(0, 0) = 0 [pid 3897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3897] write(3, "1000", 4) = 4 [pid 3897] close(3) = 0 [pid 3897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3897] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3897] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3897] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3898], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3898 [pid 3897] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3898 attached [pid 3898] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3898] memfd_create("syzkaller", 0) = 3 [pid 3898] ftruncate(3, 2097152) = 0 [pid 3898] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3898] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3898] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3898] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3898] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3898] mkdir("./file0", 0777) = 0 [pid 3898] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3898] ioctl(4, LOOP_CLR_FD) = 0 [pid 3898] close(4) = 0 [pid 3898] close(3) = 0 [pid 3898] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] <... futex resumed>) = 1 [pid 3898] chdir("./file0") = 0 [pid 3898] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] <... futex resumed>) = 1 [pid 3898] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3898] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3897] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3897] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3897] <... clone resumed>, parent_tid=[3901], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3901 [pid 3897] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] <... write resumed>) = 61 ./strace-static-x86_64: Process 3901 attached [pid 3901] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3901] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3898] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3901] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3901] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] <... futex resumed>) = 0 [pid 3897] exit_group(0) = ? [pid 3901] <... futex resumed>) = ? [pid 3901] +++ exited with 0 +++ [pid 3898] +++ exited with 0 +++ [pid 3897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3897, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./713", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./713/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./713/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./713/binderfs") = 0 umount2("./713/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./713/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./713/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./713/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./713/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./713") = 0 mkdir("./714", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3902 ./strace-static-x86_64: Process 3902 attached [pid 3902] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3902] chdir("./714") = 0 [pid 3902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3902] setpgid(0, 0) = 0 [pid 3902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3902] write(3, "1000", 4) = 4 [pid 3902] close(3) = 0 [pid 3902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3902] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3902] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3902] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3903], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3903 [pid 3902] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3902] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3903 attached [pid 3903] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3903] memfd_create("syzkaller", 0) = 3 [pid 3903] ftruncate(3, 2097152) = 0 [pid 3903] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3903] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3903] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3903] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3903] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3903] mkdir("./file0", 0777) = 0 [pid 3903] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3903] ioctl(4, LOOP_CLR_FD) = 0 [pid 3903] close(4) = 0 [pid 3903] close(3) = 0 [pid 3903] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3902] <... futex resumed>) = 0 [pid 3902] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3902] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3903] <... futex resumed>) = 0 [pid 3903] chdir("./file0") = 0 [pid 3903] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3902] <... futex resumed>) = 0 [pid 3902] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3902] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3903] <... futex resumed>) = 1 [pid 3903] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3903] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3902] <... futex resumed>) = 0 [pid 3902] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3902] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3902] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3902] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3906 attached , parent_tid=[3906], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3906 [pid 3902] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3902] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3903] <... futex resumed>) = 1 [pid 3903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3906] set_robust_list(0x7f697cdce9e0, 24 [pid 3903] <... write resumed>) = 61 [pid 3906] <... set_robust_list resumed>) = 0 [pid 3903] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3906] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3906] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3902] <... futex resumed>) = 0 [pid 3902] exit_group(0) = ? [pid 3903] <... futex resumed>) = ? [pid 3903] +++ exited with 0 +++ [pid 3906] <... futex resumed>) = ? [pid 3906] +++ exited with 0 +++ [pid 3902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3902, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./714", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./714/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./714/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./714/binderfs") = 0 umount2("./714/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./714/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./714/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./714/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./714/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./714") = 0 mkdir("./715", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3907 ./strace-static-x86_64: Process 3907 attached [pid 3907] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3907] chdir("./715") = 0 [pid 3907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3907] setpgid(0, 0) = 0 [pid 3907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3907] write(3, "1000", 4) = 4 [pid 3907] close(3) = 0 [pid 3907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3907] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3907] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3907] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3908], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3908 [pid 3907] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3907] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3908 attached [pid 3908] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3908] memfd_create("syzkaller", 0) = 3 [pid 3908] ftruncate(3, 2097152) = 0 [pid 3908] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3908] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3908] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3908] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3908] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3908] mkdir("./file0", 0777) = 0 [pid 3908] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3908] ioctl(4, LOOP_CLR_FD) = 0 [pid 3908] close(4) = 0 [pid 3908] close(3) = 0 [pid 3908] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3907] <... futex resumed>) = 0 [pid 3908] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3907] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3908] chdir("./file0" [pid 3907] <... futex resumed>) = 0 [pid 3908] <... chdir resumed>) = 0 [pid 3907] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3908] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3908] <... futex resumed>) = 0 [pid 3908] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3907] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3908] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3907] <... futex resumed>) = 0 [pid 3907] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3908] <... openat resumed>) = 3 [pid 3908] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = 0 [pid 3907] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3907] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3908] <... futex resumed>) = 1 [pid 3907] <... futex resumed>) = 0 [pid 3907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3907] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3907] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3911], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3911 [pid 3907] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3907] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3911 attached [pid 3911] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3911] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3908] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3908] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3911] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = 0 [pid 3907] exit_group(0) = ? [pid 3908] <... futex resumed>) = ? [pid 3908] +++ exited with 0 +++ [pid 3911] <... futex resumed>) = ? [pid 3911] +++ exited with 0 +++ [pid 3907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3907, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./715", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./715/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./715/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./715/binderfs") = 0 umount2("./715/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./715/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./715/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./715/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./715/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./715") = 0 mkdir("./716", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3912 ./strace-static-x86_64: Process 3912 attached [pid 3912] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3912] chdir("./716") = 0 [pid 3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3912] setpgid(0, 0) = 0 [pid 3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3912] write(3, "1000", 4) = 4 [pid 3912] close(3) = 0 [pid 3912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3912] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3912] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3912] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3913], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3913 [pid 3912] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3913 attached [pid 3913] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3913] memfd_create("syzkaller", 0) = 3 [pid 3913] ftruncate(3, 2097152) = 0 [pid 3913] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3913] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3913] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3913] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3913] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3913] mkdir("./file0", 0777) = 0 [pid 3913] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3913] ioctl(4, LOOP_CLR_FD) = 0 [pid 3913] close(4) = 0 [pid 3913] close(3) = 0 [pid 3913] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 1 [pid 3913] chdir("./file0") = 0 [pid 3913] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 1 [pid 3913] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3913] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3912] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3912] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3916], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3916 [pid 3912] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... futex resumed>) = 1 [pid 3913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 3916 attached ) = 61 [pid 3913] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3913] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3916] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3916] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3916] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3912] exit_group(0) = ? [pid 3913] <... futex resumed>) = ? [pid 3913] +++ exited with 0 +++ [pid 3916] <... futex resumed>) = ? [pid 3916] +++ exited with 0 +++ [pid 3912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./716", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./716/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./716/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./716/binderfs") = 0 umount2("./716/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./716/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./716/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./716/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./716/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./716") = 0 mkdir("./717", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3917 ./strace-static-x86_64: Process 3917 attached [pid 3917] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3917] chdir("./717") = 0 [pid 3917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3917] setpgid(0, 0) = 0 [pid 3917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3917] write(3, "1000", 4) = 4 [pid 3917] close(3) = 0 [pid 3917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3917] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3917] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3917] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3918], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3918 [pid 3917] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3918 attached [pid 3918] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3918] memfd_create("syzkaller", 0) = 3 [pid 3918] ftruncate(3, 2097152) = 0 [pid 3918] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3918] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3918] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3918] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3918] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3918] mkdir("./file0", 0777) = 0 [pid 3918] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3918] ioctl(4, LOOP_CLR_FD) = 0 [pid 3918] close(4) = 0 [pid 3918] close(3) = 0 [pid 3918] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3917] <... futex resumed>) = 0 [pid 3917] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3918] chdir("./file0") = 0 [pid 3918] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3917] <... futex resumed>) = 0 [pid 3917] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3918] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3918] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3917] <... futex resumed>) = 0 [pid 3918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3917] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... write resumed>) = 61 [pid 3917] <... futex resumed>) = 0 [pid 3918] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3917] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... futex resumed>) = 0 [pid 3917] <... futex resumed>) = 0 [pid 3918] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3917] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3917] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3921 attached , parent_tid=[3921], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3921 [pid 3917] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3917] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3921] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3921] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3921] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3917] <... futex resumed>) = 0 [pid 3917] exit_group(0) = ? [pid 3921] +++ exited with 0 +++ [pid 3918] <... futex resumed>) = ? [pid 3918] +++ exited with 0 +++ [pid 3917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3917, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./717", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./717/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./717/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./717/binderfs") = 0 umount2("./717/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./717/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./717/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./717/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./717/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./717") = 0 mkdir("./718", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3922 ./strace-static-x86_64: Process 3922 attached [pid 3922] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3922] chdir("./718") = 0 [pid 3922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3922] setpgid(0, 0) = 0 [pid 3922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3922] write(3, "1000", 4) = 4 [pid 3922] close(3) = 0 [pid 3922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3922] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3922] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3922] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3923], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3923 [pid 3922] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3923 attached [pid 3923] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3923] memfd_create("syzkaller", 0) = 3 [pid 3923] ftruncate(3, 2097152) = 0 [pid 3923] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3923] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3923] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3923] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3923] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3923] mkdir("./file0", 0777) = 0 [pid 3923] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3923] ioctl(4, LOOP_CLR_FD) = 0 [pid 3923] close(4) = 0 [pid 3923] close(3) = 0 [pid 3923] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = 0 [pid 3922] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3923] <... futex resumed>) = 1 [pid 3923] chdir("./file0") = 0 [pid 3923] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = 0 [pid 3922] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3923] <... futex resumed>) = 1 [pid 3923] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3923] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = 0 [pid 3922] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3922] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3922] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3926], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3926 [pid 3922] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3922] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3923] <... futex resumed>) = 1 [pid 3923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3923] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3923] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3926 attached [pid 3926] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3926] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3926] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] <... futex resumed>) = 0 [pid 3922] exit_group(0) = ? [pid 3926] <... futex resumed>) = ? [pid 3923] <... futex resumed>) = ? [pid 3923] +++ exited with 0 +++ [pid 3926] +++ exited with 0 +++ [pid 3922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3922, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./718", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./718/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./718/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./718/binderfs") = 0 umount2("./718/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./718/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./718/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./718/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./718/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./718") = 0 mkdir("./719", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3927 ./strace-static-x86_64: Process 3927 attached [pid 3927] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3927] chdir("./719") = 0 [pid 3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3927] setpgid(0, 0) = 0 [pid 3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3927] write(3, "1000", 4) = 4 [pid 3927] close(3) = 0 [pid 3927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3927] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3927] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3927] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3928], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3928 [pid 3927] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3928 attached [pid 3928] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3928] memfd_create("syzkaller", 0) = 3 [pid 3928] ftruncate(3, 2097152) = 0 [pid 3928] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3928] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3928] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3928] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3928] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3928] mkdir("./file0", 0777) = 0 [pid 3928] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3928] ioctl(4, LOOP_CLR_FD) = 0 [pid 3928] close(4) = 0 [pid 3928] close(3) = 0 [pid 3928] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] chdir("./file0" [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] <... chdir resumed>) = 0 [pid 3928] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3928] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3927] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3927] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3931], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3931 ./strace-static-x86_64: Process 3931 attached [pid 3928] <... futex resumed>) = 1 [pid 3927] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3931] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3931] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3928] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3931] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3931] <... futex resumed>) = 1 [pid 3931] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] <... futex resumed>) = 0 [pid 3927] exit_group(0) = ? [pid 3928] <... futex resumed>) = 231 [pid 3931] <... futex resumed>) = ? [pid 3928] +++ exited with 0 +++ [pid 3931] +++ exited with 0 +++ [pid 3927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./719", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./719/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./719/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./719/binderfs") = 0 umount2("./719/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./719/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./719/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./719/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./719/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./719") = 0 mkdir("./720", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3932 ./strace-static-x86_64: Process 3932 attached [pid 3932] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3932] chdir("./720") = 0 [pid 3932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3932] setpgid(0, 0) = 0 [pid 3932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3932] write(3, "1000", 4) = 4 [pid 3932] close(3) = 0 [pid 3932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3932] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3932] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3932] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3933], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3933 [pid 3932] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3933 attached [pid 3933] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3933] memfd_create("syzkaller", 0) = 3 [pid 3933] ftruncate(3, 2097152) = 0 [pid 3933] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3933] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3933] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3933] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3933] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3933] mkdir("./file0", 0777) = 0 [pid 3933] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3933] ioctl(4, LOOP_CLR_FD) = 0 [pid 3933] close(4) = 0 [pid 3933] close(3) = 0 [pid 3933] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3932] <... futex resumed>) = 0 [pid 3932] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3933] chdir("./file0") = 0 [pid 3933] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3932] <... futex resumed>) = 0 [pid 3932] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3933] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3933] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3932] <... futex resumed>) = 0 [pid 3932] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3932] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3932] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3933] <... write resumed>) = 61 [pid 3932] <... clone resumed>, parent_tid=[3936], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3936 ./strace-static-x86_64: Process 3936 attached [pid 3932] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3932] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3936] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3936] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3933] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3936] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3932] <... futex resumed>) = 0 [pid 3932] exit_group(0) = ? [pid 3936] <... futex resumed>) = ? [pid 3936] +++ exited with 0 +++ [pid 3933] <... futex resumed>) = ? [pid 3933] +++ exited with 0 +++ [pid 3932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3932, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./720", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./720", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./720/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./720/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./720/binderfs") = 0 umount2("./720/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./720/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./720/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./720/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./720/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./720/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./720") = 0 mkdir("./721", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3937 ./strace-static-x86_64: Process 3937 attached [pid 3937] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3937] chdir("./721") = 0 [pid 3937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3937] setpgid(0, 0) = 0 [pid 3937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3937] write(3, "1000", 4) = 4 [pid 3937] close(3) = 0 [pid 3937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3937] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3937] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3937] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3938], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3938 [pid 3937] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3938 attached [pid 3938] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3938] memfd_create("syzkaller", 0) = 3 [pid 3938] ftruncate(3, 2097152) = 0 [pid 3938] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3938] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3938] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3938] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3938] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3938] mkdir("./file0", 0777) = 0 [pid 3938] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3938] ioctl(4, LOOP_CLR_FD) = 0 [pid 3938] close(4) = 0 [pid 3938] close(3) = 0 [pid 3938] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = 0 [pid 3937] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3938] <... futex resumed>) = 1 [pid 3938] chdir("./file0") = 0 [pid 3938] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = 0 [pid 3937] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3938] <... futex resumed>) = 1 [pid 3938] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3938] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = 0 [pid 3937] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3937] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3937] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3941], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3941 [pid 3937] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3938] <... futex resumed>) = 1 [pid 3938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3938] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3938] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3941 attached [pid 3941] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3941] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3941] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = 0 [pid 3937] exit_group(0 [pid 3938] <... futex resumed>) = ? [pid 3937] <... exit_group resumed>) = ? [pid 3938] +++ exited with 0 +++ [pid 3941] <... futex resumed>) = ? [pid 3941] +++ exited with 0 +++ [pid 3937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3937, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./721", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./721/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./721/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./721/binderfs") = 0 umount2("./721/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./721/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./721/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./721/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./721/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./721") = 0 mkdir("./722", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3942 ./strace-static-x86_64: Process 3942 attached [pid 3942] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3942] chdir("./722") = 0 [pid 3942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3942] setpgid(0, 0) = 0 [pid 3942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3942] write(3, "1000", 4) = 4 [pid 3942] close(3) = 0 [pid 3942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3942] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3942] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3942] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3943], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3943 [pid 3942] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3943 attached [pid 3943] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3943] memfd_create("syzkaller", 0) = 3 [pid 3943] ftruncate(3, 2097152) = 0 [pid 3943] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3943] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3943] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3943] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3943] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3943] mkdir("./file0", 0777) = 0 [pid 3943] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3943] ioctl(4, LOOP_CLR_FD) = 0 [pid 3943] close(4) = 0 [pid 3943] close(3) = 0 [pid 3943] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 1 [pid 3943] chdir("./file0") = 0 [pid 3943] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 1 [pid 3943] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3943] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3942] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3942] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3946], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3946 [pid 3942] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 1 [pid 3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3943] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3943] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3946 attached [pid 3946] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3946] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3946] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] exit_group(0) = ? [pid 3943] <... futex resumed>) = ? [pid 3943] +++ exited with 0 +++ [pid 3946] <... futex resumed>) = ? [pid 3946] +++ exited with 0 +++ [pid 3942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3942, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./722", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./722/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./722/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./722/binderfs") = 0 umount2("./722/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./722/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./722/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./722/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./722/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./722") = 0 mkdir("./723", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3947 ./strace-static-x86_64: Process 3947 attached [pid 3947] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3947] chdir("./723") = 0 [pid 3947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3947] setpgid(0, 0) = 0 [pid 3947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3947] write(3, "1000", 4) = 4 [pid 3947] close(3) = 0 [pid 3947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3947] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3947] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3947] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3948], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3948 [pid 3947] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3948 attached [pid 3948] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3948] memfd_create("syzkaller", 0) = 3 [pid 3948] ftruncate(3, 2097152) = 0 [pid 3948] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3948] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3948] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3948] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3948] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3948] mkdir("./file0", 0777) = 0 [pid 3948] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3948] ioctl(4, LOOP_CLR_FD) = 0 [pid 3948] close(4) = 0 [pid 3948] close(3) = 0 [pid 3948] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3947] <... futex resumed>) = 0 [pid 3947] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3948] <... futex resumed>) = 1 [pid 3948] chdir("./file0") = 0 [pid 3948] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3947] <... futex resumed>) = 0 [pid 3947] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3948] <... futex resumed>) = 1 [pid 3948] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3948] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3947] <... futex resumed>) = 0 [pid 3947] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3947] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3947] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3951], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3951 [pid 3947] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3947] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3948] <... futex resumed>) = 1 [pid 3948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3948] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3951 attached [pid 3951] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3951] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3951] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3947] <... futex resumed>) = 0 [pid 3947] exit_group(0) = ? [pid 3948] <... futex resumed>) = ? [pid 3948] +++ exited with 0 +++ [pid 3951] <... futex resumed>) = ? [pid 3951] +++ exited with 0 +++ [pid 3947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3947, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./723", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./723/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./723/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./723/binderfs") = 0 umount2("./723/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./723/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./723/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./723/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./723/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./723") = 0 mkdir("./724", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3952 ./strace-static-x86_64: Process 3952 attached [pid 3952] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3952] chdir("./724") = 0 [pid 3952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3952] setpgid(0, 0) = 0 [pid 3952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3952] write(3, "1000", 4) = 4 [pid 3952] close(3) = 0 [pid 3952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3952] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3952] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3952] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3953], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3953 [pid 3952] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3953 attached [pid 3953] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3953] memfd_create("syzkaller", 0) = 3 [pid 3953] ftruncate(3, 2097152) = 0 [pid 3953] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3953] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3953] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3953] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3953] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3953] mkdir("./file0", 0777) = 0 [pid 3953] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3953] ioctl(4, LOOP_CLR_FD) = 0 [pid 3953] close(4) = 0 [pid 3953] close(3) = 0 [pid 3953] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3952] <... futex resumed>) = 0 [pid 3952] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3953] chdir("./file0") = 0 [pid 3953] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3952] <... futex resumed>) = 0 [pid 3952] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3953] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3953] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3952] <... futex resumed>) = 0 [pid 3952] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3952] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3952] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3953] <... write resumed>) = 61 ./strace-static-x86_64: Process 3956 attached [pid 3952] <... clone resumed>, parent_tid=[3956], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3956 [pid 3952] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] set_robust_list(0x7f697cdce9e0, 24 [pid 3953] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] <... set_robust_list resumed>) = 0 [pid 3953] <... futex resumed>) = 0 [pid 3956] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3953] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3956] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3956] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3952] <... futex resumed>) = 0 [pid 3956] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3952] exit_group(0) = ? [pid 3956] <... futex resumed>) = ? [pid 3953] <... futex resumed>) = ? [pid 3953] +++ exited with 0 +++ [pid 3956] +++ exited with 0 +++ [pid 3952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3952, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./724", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./724/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./724/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./724/binderfs") = 0 umount2("./724/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./724/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./724/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./724/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./724/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./724") = 0 mkdir("./725", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3957 ./strace-static-x86_64: Process 3957 attached [pid 3957] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3957] chdir("./725") = 0 [pid 3957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3957] setpgid(0, 0) = 0 [pid 3957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3957] write(3, "1000", 4) = 4 [pid 3957] close(3) = 0 [pid 3957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3957] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3957] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3957] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3958], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3958 [pid 3957] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3958 attached [pid 3958] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3958] memfd_create("syzkaller", 0) = 3 [pid 3958] ftruncate(3, 2097152) = 0 [pid 3958] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3958] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3958] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3958] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3958] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3958] mkdir("./file0", 0777) = 0 [pid 3958] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3958] ioctl(4, LOOP_CLR_FD) = 0 [pid 3958] close(4) = 0 [pid 3958] close(3) = 0 [pid 3958] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] <... futex resumed>) = 0 [pid 3957] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3958] <... futex resumed>) = 1 [pid 3958] chdir("./file0") = 0 [pid 3958] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] <... futex resumed>) = 0 [pid 3957] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3958] <... futex resumed>) = 1 [pid 3958] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3958] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] <... futex resumed>) = 0 [pid 3957] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3957] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3957] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3961], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3961 [pid 3957] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3958] <... futex resumed>) = 1 [pid 3958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3958] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3958] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3961 attached [pid 3961] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3961] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3961] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] <... futex resumed>) = 0 [pid 3957] exit_group(0 [pid 3958] <... futex resumed>) = ? [pid 3957] <... exit_group resumed>) = ? [pid 3958] +++ exited with 0 +++ [pid 3961] <... futex resumed>) = ? [pid 3961] +++ exited with 0 +++ [pid 3957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3957, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./725", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./725/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./725/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./725/binderfs") = 0 umount2("./725/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./725/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./725/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./725/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./725/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./725") = 0 mkdir("./726", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3962 ./strace-static-x86_64: Process 3962 attached [pid 3962] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3962] chdir("./726") = 0 [pid 3962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3962] setpgid(0, 0) = 0 [pid 3962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3962] write(3, "1000", 4) = 4 [pid 3962] close(3) = 0 [pid 3962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3962] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3962] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3962] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3963], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3963 [pid 3962] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3963 attached [pid 3963] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3963] memfd_create("syzkaller", 0) = 3 [pid 3963] ftruncate(3, 2097152) = 0 [pid 3963] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3963] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3963] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3963] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3963] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3963] mkdir("./file0", 0777) = 0 [pid 3963] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3963] ioctl(4, LOOP_CLR_FD) = 0 [pid 3963] close(4) = 0 [pid 3963] close(3) = 0 [pid 3963] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3962] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3963] <... futex resumed>) = 1 [pid 3963] chdir("./file0") = 0 [pid 3963] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3962] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3963] <... futex resumed>) = 1 [pid 3963] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3963] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3962] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3962] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3962] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3966], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3966 [pid 3962] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3962] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3963] <... futex resumed>) = 1 [pid 3963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 3963] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3966 attached [pid 3966] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3966] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3966] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 0 [pid 3962] exit_group(0) = ? [pid 3963] <... futex resumed>) = ? [pid 3963] +++ exited with 0 +++ [pid 3966] <... futex resumed>) = ? [pid 3966] +++ exited with 0 +++ [pid 3962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3962, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./726", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./726/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./726/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./726/binderfs") = 0 umount2("./726/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./726/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./726/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./726/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./726/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./726") = 0 mkdir("./727", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3967 ./strace-static-x86_64: Process 3967 attached [pid 3967] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3967] chdir("./727") = 0 [pid 3967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3967] setpgid(0, 0) = 0 [pid 3967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3967] write(3, "1000", 4) = 4 [pid 3967] close(3) = 0 [pid 3967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3967] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3967] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3967] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3968], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3968 [pid 3967] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3968 attached [pid 3968] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3968] memfd_create("syzkaller", 0) = 3 [pid 3968] ftruncate(3, 2097152) = 0 [pid 3968] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3968] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3968] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3968] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3968] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3968] mkdir("./file0", 0777) = 0 [pid 3968] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3968] ioctl(4, LOOP_CLR_FD) = 0 [pid 3968] close(4) = 0 [pid 3968] close(3) = 0 [pid 3968] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] <... futex resumed>) = 0 [pid 3967] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... futex resumed>) = 1 [pid 3968] chdir("./file0") = 0 [pid 3968] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] <... futex resumed>) = 0 [pid 3967] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... futex resumed>) = 1 [pid 3968] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3968] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] <... futex resumed>) = 0 [pid 3967] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3967] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3967] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3971], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3971 [pid 3967] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3968] <... futex resumed>) = 1 [pid 3968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61./strace-static-x86_64: Process 3971 attached [pid 3971] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3971] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3968] <... write resumed>) = 61 [pid 3968] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3968] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3971] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] <... futex resumed>) = 0 [pid 3967] exit_group(0) = ? [pid 3971] <... futex resumed>) = ? [pid 3968] <... futex resumed>) = ? [pid 3968] +++ exited with 0 +++ [pid 3971] +++ exited with 0 +++ [pid 3967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3967, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./727", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./727/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./727/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./727/binderfs") = 0 umount2("./727/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./727/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./727/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./727/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./727/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./727") = 0 mkdir("./728", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3972 ./strace-static-x86_64: Process 3972 attached [pid 3972] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3972] chdir("./728") = 0 [pid 3972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3972] setpgid(0, 0) = 0 [pid 3972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3972] write(3, "1000", 4) = 4 [pid 3972] close(3) = 0 [pid 3972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3972] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3972] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3972] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3973], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3973 [pid 3972] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3973 attached [pid 3973] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3973] memfd_create("syzkaller", 0) = 3 [pid 3973] ftruncate(3, 2097152) = 0 [pid 3973] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3973] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3973] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3973] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3973] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3973] mkdir("./file0", 0777) = 0 [pid 3973] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3973] ioctl(4, LOOP_CLR_FD) = 0 [pid 3973] close(4) = 0 [pid 3973] close(3) = 0 [pid 3973] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... futex resumed>) = 0 [pid 3972] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3973] <... futex resumed>) = 1 [pid 3973] chdir("./file0") = 0 [pid 3973] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... futex resumed>) = 0 [pid 3972] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3973] <... futex resumed>) = 1 [pid 3973] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3973] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... futex resumed>) = 0 [pid 3972] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3972] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3972] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3976 attached [pid 3973] <... futex resumed>) = 1 [pid 3973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3972] <... clone resumed>, parent_tid=[3976], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3976 [pid 3972] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3973] <... write resumed>) = 61 [pid 3973] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3973] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3976] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3976] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3976] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... futex resumed>) = 0 [pid 3972] exit_group(0) = ? [pid 3976] <... futex resumed>) = 231 [pid 3973] <... futex resumed>) = ? [pid 3976] +++ exited with 0 +++ [pid 3973] +++ exited with 0 +++ [pid 3972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3972, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./728", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./728/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./728/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./728/binderfs") = 0 umount2("./728/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./728/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./728/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./728/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./728/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./728") = 0 mkdir("./729", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3977 ./strace-static-x86_64: Process 3977 attached [pid 3977] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3977] chdir("./729") = 0 [pid 3977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3977] setpgid(0, 0) = 0 [pid 3977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3977] write(3, "1000", 4) = 4 [pid 3977] close(3) = 0 [pid 3977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3977] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3977] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3978], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3978 [pid 3977] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3978 attached [pid 3978] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3978] memfd_create("syzkaller", 0) = 3 [pid 3978] ftruncate(3, 2097152) = 0 [pid 3978] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3978] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3978] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3978] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3978] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3978] mkdir("./file0", 0777) = 0 [pid 3978] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3978] ioctl(4, LOOP_CLR_FD) = 0 [pid 3978] close(4) = 0 [pid 3978] close(3) = 0 [pid 3978] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] chdir("./file0" [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... chdir resumed>) = 0 [pid 3978] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3977] <... futex resumed>) = 0 [pid 3978] <... futex resumed>) = 1 [pid 3977] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... openat resumed>) = 3 [pid 3978] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3978] <... write resumed>) = 61 [pid 3977] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3978] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3981 attached [pid 3978] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3981] set_robust_list(0x7f697cdce9e0, 24 [pid 3977] <... clone resumed>, parent_tid=[3981], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3981 [pid 3981] <... set_robust_list resumed>) = 0 [pid 3977] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3981] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3981] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3977] <... futex resumed>) = 0 [pid 3977] exit_group(0) = ? [pid 3978] <... futex resumed>) = ? [pid 3978] +++ exited with 0 +++ [pid 3981] <... futex resumed>) = ? [pid 3981] +++ exited with 0 +++ [pid 3977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3977, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./729", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./729/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./729/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./729/binderfs") = 0 umount2("./729/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./729/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./729/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./729/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./729/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./729") = 0 mkdir("./730", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3982 ./strace-static-x86_64: Process 3982 attached [pid 3982] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3982] chdir("./730") = 0 [pid 3982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3982] setpgid(0, 0) = 0 [pid 3982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3982] write(3, "1000", 4) = 4 [pid 3982] close(3) = 0 [pid 3982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3982] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3982] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3982] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3983], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3983 [pid 3982] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3982] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3983 attached [pid 3983] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3983] memfd_create("syzkaller", 0) = 3 [pid 3983] ftruncate(3, 2097152) = 0 [pid 3983] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3983] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3983] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3983] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3983] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3983] mkdir("./file0", 0777) = 0 [pid 3983] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3983] ioctl(4, LOOP_CLR_FD) = 0 [pid 3983] close(4) = 0 [pid 3983] close(3) = 0 [pid 3983] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3982] <... futex resumed>) = 0 [pid 3983] chdir("./file0" [pid 3982] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] <... chdir resumed>) = 0 [pid 3982] <... futex resumed>) = 0 [pid 3983] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3982] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3983] <... futex resumed>) = 0 [pid 3982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3983] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3982] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3982] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3983] <... openat resumed>) = 3 [pid 3983] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3982] <... futex resumed>) = 0 [pid 3983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3982] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] <... write resumed>) = 61 [pid 3982] <... futex resumed>) = 0 [pid 3983] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3982] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3983] <... futex resumed>) = 0 [pid 3982] <... futex resumed>) = 0 [pid 3983] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3982] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3982] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3986], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3986 [pid 3982] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3982] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3986 attached [pid 3986] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3986] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3986] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3982] <... futex resumed>) = 0 [pid 3982] exit_group(0) = ? [pid 3983] <... futex resumed>) = ? [pid 3983] +++ exited with 0 +++ [pid 3986] +++ exited with 0 +++ [pid 3982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3982, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./730", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./730/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./730/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./730/binderfs") = 0 umount2("./730/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./730/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./730/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./730/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./730/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./730") = 0 mkdir("./731", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3987 ./strace-static-x86_64: Process 3987 attached [pid 3987] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3987] chdir("./731") = 0 [pid 3987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3987] setpgid(0, 0) = 0 [pid 3987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3987] write(3, "1000", 4) = 4 [pid 3987] close(3) = 0 [pid 3987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3987] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3987] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3987] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3988], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3988 [pid 3987] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3988 attached [pid 3988] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3988] memfd_create("syzkaller", 0) = 3 [pid 3988] ftruncate(3, 2097152) = 0 [pid 3988] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3988] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3988] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3988] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3988] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3988] mkdir("./file0", 0777) = 0 [pid 3988] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3988] ioctl(4, LOOP_CLR_FD) = 0 [pid 3988] close(4) = 0 [pid 3988] close(3) = 0 [pid 3988] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3987] <... futex resumed>) = 0 [pid 3987] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3988] chdir("./file0") = 0 [pid 3988] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3987] <... futex resumed>) = 0 [pid 3987] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3988] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3988] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3987] <... futex resumed>) = 0 [pid 3987] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3987] <... futex resumed>) = 0 [pid 3988] <... write resumed>) = 61 [pid 3987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3988] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... mmap resumed>) = 0x7f697cdae000 [pid 3988] <... futex resumed>) = 0 [pid 3987] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 3988] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3987] <... mprotect resumed>) = 0 [pid 3987] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3991], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3991 [pid 3987] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3991 attached [pid 3991] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3991] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 3991] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3987] exit_group(0 [pid 3988] <... futex resumed>) = ? [pid 3987] <... exit_group resumed>) = ? [pid 3988] +++ exited with 0 +++ [pid 3991] <... futex resumed>) = ? [pid 3991] +++ exited with 0 +++ [pid 3987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3987, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./731", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./731/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./731/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./731/binderfs") = 0 umount2("./731/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./731/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./731/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./731/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./731/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./731") = 0 mkdir("./732", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3992 ./strace-static-x86_64: Process 3992 attached [pid 3992] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3992] chdir("./732") = 0 [pid 3992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3992] setpgid(0, 0) = 0 [pid 3992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3992] write(3, "1000", 4) = 4 [pid 3992] close(3) = 0 [pid 3992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3992] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3992] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3992] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3993], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3993 [pid 3992] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3993 attached [pid 3993] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3993] memfd_create("syzkaller", 0) = 3 [pid 3993] ftruncate(3, 2097152) = 0 [pid 3993] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3993] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3993] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3993] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3993] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3993] mkdir("./file0", 0777) = 0 [pid 3993] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3993] ioctl(4, LOOP_CLR_FD) = 0 [pid 3993] close(4) = 0 [pid 3993] close(3) = 0 [pid 3993] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3993] chdir("./file0") = 0 [pid 3993] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3993] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3993] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3992] <... futex resumed>) = 0 [pid 3992] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3992] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3992] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3996], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 3996 [pid 3992] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3992] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3996 attached [pid 3996] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 3996] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 3993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 3996] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 3996] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3992] <... futex resumed>) = 0 [pid 3996] <... futex resumed>) = 1 [pid 3996] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3993] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 3993] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3993] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3992] exit_group(0) = ? [pid 3996] <... futex resumed>) = ? [pid 3993] <... futex resumed>) = ? [pid 3996] +++ exited with 0 +++ [pid 3993] +++ exited with 0 +++ [pid 3992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3992, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./732", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./732/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./732/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./732/binderfs") = 0 umount2("./732/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./732/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./732/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./732/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./732/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./732") = 0 mkdir("./733", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 3997 ./strace-static-x86_64: Process 3997 attached [pid 3997] set_robust_list(0x555555cf25e0, 24) = 0 [pid 3997] chdir("./733") = 0 [pid 3997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3997] setpgid(0, 0) = 0 [pid 3997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3997] write(3, "1000", 4) = 4 [pid 3997] close(3) = 0 [pid 3997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3997] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 3997] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3997] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3998], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 3998 [pid 3997] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3997] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3998 attached [pid 3998] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 3998] memfd_create("syzkaller", 0) = 3 [pid 3998] ftruncate(3, 2097152) = 0 [pid 3998] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 3998] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 3998] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 3998] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 3998] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 3998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3998] mkdir("./file0", 0777) = 0 [pid 3998] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3998] ioctl(4, LOOP_CLR_FD) = 0 [pid 3998] close(4) = 0 [pid 3998] close(3) = 0 [pid 3998] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3998] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3997] <... futex resumed>) = 0 [pid 3997] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3998] <... futex resumed>) = 0 [pid 3998] chdir("./file0") = 0 [pid 3998] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3998] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3997] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3997] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3998] <... futex resumed>) = 0 [pid 3997] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 3998] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3998] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3997] <... futex resumed>) = 0 [pid 3997] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3997] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 3997] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3997] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4001 attached , parent_tid=[4001], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4001 [pid 4001] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4001] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3997] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4001] <... futex resumed>) = 0 [pid 3997] <... futex resumed>) = 1 [pid 3997] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4001] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4001] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3997] <... futex resumed>) = 0 [pid 4001] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3998] <... futex resumed>) = 0 [pid 3998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = -1 ENOSPC (No space left on device) [pid 3998] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3997] exit_group(0) = ? [pid 4001] <... futex resumed>) = ? [pid 4001] +++ exited with 0 +++ [pid 3998] +++ exited with 0 +++ [pid 3997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3997, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./733", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./733/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./733/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./733/binderfs") = 0 umount2("./733/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./733/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./733/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./733/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./733/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./733") = 0 mkdir("./734", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4002 ./strace-static-x86_64: Process 4002 attached [pid 4002] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4002] chdir("./734") = 0 [pid 4002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4002] setpgid(0, 0) = 0 [pid 4002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4002] write(3, "1000", 4) = 4 [pid 4002] close(3) = 0 [pid 4002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4002] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4002] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4002] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4003], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4003 [pid 4002] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4003 attached [pid 4003] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4003] memfd_create("syzkaller", 0) = 3 [pid 4003] ftruncate(3, 2097152) = 0 [pid 4003] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4003] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4003] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4003] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4003] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4003] mkdir("./file0", 0777) = 0 [pid 4003] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4003] ioctl(4, LOOP_CLR_FD) = 0 [pid 4003] close(4) = 0 [pid 4003] close(3) = 0 [pid 4003] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... futex resumed>) = 1 [pid 4003] chdir("./file0") = 0 [pid 4003] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... futex resumed>) = 1 [pid 4003] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4003] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4002] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4002] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4002] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4006], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4006 [pid 4002] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... futex resumed>) = 1 [pid 4003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4003] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4003] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4006 attached [pid 4006] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4006] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4006] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4002] exit_group(0) = ? [pid 4003] <... futex resumed>) = 231 [pid 4003] +++ exited with 0 +++ [pid 4006] +++ exited with 0 +++ [pid 4002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4002, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./734", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./734/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./734/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./734/binderfs") = 0 umount2("./734/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./734/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./734/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./734/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./734/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./734") = 0 mkdir("./735", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4007 ./strace-static-x86_64: Process 4007 attached [pid 4007] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4007] chdir("./735") = 0 [pid 4007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4007] setpgid(0, 0) = 0 [pid 4007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4007] write(3, "1000", 4) = 4 [pid 4007] close(3) = 0 [pid 4007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4007] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4007] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4007] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4008], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4008 [pid 4007] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4008 attached [pid 4008] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4008] memfd_create("syzkaller", 0) = 3 [pid 4008] ftruncate(3, 2097152) = 0 [pid 4008] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4008] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4008] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4008] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4008] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4008] mkdir("./file0", 0777) = 0 [pid 4008] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4008] ioctl(4, LOOP_CLR_FD) = 0 [pid 4008] close(4) = 0 [pid 4008] close(3) = 0 [pid 4008] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4007] <... futex resumed>) = 0 [pid 4007] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4008] <... futex resumed>) = 1 [pid 4008] chdir("./file0") = 0 [pid 4008] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4007] <... futex resumed>) = 0 [pid 4007] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4008] <... futex resumed>) = 1 [pid 4008] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4008] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4007] <... futex resumed>) = 0 [pid 4007] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4007] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4007] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4011], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4011 [pid 4007] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4007] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4008] <... futex resumed>) = 1 [pid 4008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4008] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4011 attached [pid 4011] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4011] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4011] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4007] <... futex resumed>) = 0 [pid 4007] exit_group(0) = ? [pid 4008] <... futex resumed>) = ? [pid 4008] +++ exited with 0 +++ [pid 4011] <... futex resumed>) = ? [pid 4011] +++ exited with 0 +++ [pid 4007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4007, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./735", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./735/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./735/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./735/binderfs") = 0 umount2("./735/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./735/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./735/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./735/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./735/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./735") = 0 mkdir("./736", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4012 ./strace-static-x86_64: Process 4012 attached [pid 4012] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4012] chdir("./736") = 0 [pid 4012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4012] setpgid(0, 0) = 0 [pid 4012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4012] write(3, "1000", 4) = 4 [pid 4012] close(3) = 0 [pid 4012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4012] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4012] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4012] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4013], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4013 [pid 4012] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4013 attached [pid 4013] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4013] memfd_create("syzkaller", 0) = 3 [pid 4013] ftruncate(3, 2097152) = 0 [pid 4013] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4013] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4013] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4013] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4013] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4013] mkdir("./file0", 0777) = 0 [pid 4013] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4013] ioctl(4, LOOP_CLR_FD) = 0 [pid 4013] close(4) = 0 [pid 4013] close(3) = 0 [pid 4013] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = 0 [pid 4012] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4013] <... futex resumed>) = 1 [pid 4013] chdir("./file0") = 0 [pid 4013] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = 0 [pid 4012] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4013] <... futex resumed>) = 1 [pid 4013] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4013] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = 0 [pid 4012] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4012] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4012] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4016], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4016 [pid 4012] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4013] <... futex resumed>) = 1 [pid 4013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4013] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4013] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4016 attached [pid 4016] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4016] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4016] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4012] <... futex resumed>) = 0 [pid 4012] exit_group(0) = ? [pid 4013] <... futex resumed>) = ? [pid 4013] +++ exited with 0 +++ [pid 4016] <... futex resumed>) = ? [pid 4016] +++ exited with 0 +++ [pid 4012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4012, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./736", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./736/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./736/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./736/binderfs") = 0 umount2("./736/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./736/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./736/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./736/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./736/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./736") = 0 mkdir("./737", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4017 ./strace-static-x86_64: Process 4017 attached [pid 4017] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4017] chdir("./737") = 0 [pid 4017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4017] setpgid(0, 0) = 0 [pid 4017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4017] write(3, "1000", 4) = 4 [pid 4017] close(3) = 0 [pid 4017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4017] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4017] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4017] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4018], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4018 [pid 4017] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4018 attached [pid 4018] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4018] memfd_create("syzkaller", 0) = 3 [pid 4018] ftruncate(3, 2097152) = 0 [pid 4018] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4018] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4018] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4018] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4018] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4018] mkdir("./file0", 0777) = 0 [pid 4018] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4018] ioctl(4, LOOP_CLR_FD) = 0 [pid 4018] close(4) = 0 [pid 4018] close(3) = 0 [pid 4018] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 1 [pid 4018] chdir("./file0") = 0 [pid 4018] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 1 [pid 4018] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4018] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] <... futex resumed>) = 0 [pid 4017] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4017] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4017] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4021], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4021 [pid 4017] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 1 ./strace-static-x86_64: Process 4021 attached [pid 4018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4021] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4021] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4021] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 4018] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4018] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4017] <... futex resumed>) = 0 [pid 4021] <... futex resumed>) = 1 [pid 4017] exit_group(0) = ? [pid 4018] <... futex resumed>) = ? [pid 4018] +++ exited with 0 +++ [pid 4021] +++ exited with 0 +++ [pid 4017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4017, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./737", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./737/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./737/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./737/binderfs") = 0 umount2("./737/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./737/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./737/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./737/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./737/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./737") = 0 mkdir("./738", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4022 ./strace-static-x86_64: Process 4022 attached [pid 4022] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4022] chdir("./738") = 0 [pid 4022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4022] setpgid(0, 0) = 0 [pid 4022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4022] write(3, "1000", 4) = 4 [pid 4022] close(3) = 0 [pid 4022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4022] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4022] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4022] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4023], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4023 [pid 4022] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4022] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4023 attached [pid 4023] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4023] memfd_create("syzkaller", 0) = 3 [pid 4023] ftruncate(3, 2097152) = 0 [pid 4023] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4023] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4023] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4023] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4023] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4023] mkdir("./file0", 0777) = 0 [pid 4023] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4023] ioctl(4, LOOP_CLR_FD) = 0 [pid 4023] close(4) = 0 [pid 4023] close(3) = 0 [pid 4023] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] <... futex resumed>) = 0 [pid 4022] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4022] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4023] <... futex resumed>) = 1 [pid 4023] chdir("./file0") = 0 [pid 4023] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] <... futex resumed>) = 0 [pid 4022] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4022] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4023] <... futex resumed>) = 1 [pid 4023] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4023] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] <... futex resumed>) = 0 [pid 4022] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4023] <... futex resumed>) = 1 [pid 4022] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4022] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4022] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4022] <... clone resumed>, parent_tid=[4026], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4026 [pid 4023] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4023] <... futex resumed>) = 0 [pid 4022] <... futex resumed>) = 0 [pid 4022] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4026 attached [pid 4023] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4026] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4026] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4026] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4022] <... futex resumed>) = 0 [pid 4022] exit_group(0) = ? [pid 4023] <... futex resumed>) = ? [pid 4023] +++ exited with 0 +++ [pid 4026] <... futex resumed>) = ? [pid 4026] +++ exited with 0 +++ [pid 4022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4022, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./738", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./738/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./738/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./738/binderfs") = 0 umount2("./738/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./738/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./738/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./738/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./738/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./738") = 0 mkdir("./739", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4027 ./strace-static-x86_64: Process 4027 attached [pid 4027] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4027] chdir("./739") = 0 [pid 4027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4027] setpgid(0, 0) = 0 [pid 4027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4027] write(3, "1000", 4) = 4 [pid 4027] close(3) = 0 [pid 4027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4027] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4027] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4027] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4028], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4028 [pid 4027] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4028 attached [pid 4028] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4028] memfd_create("syzkaller", 0) = 3 [pid 4028] ftruncate(3, 2097152) = 0 [pid 4028] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4028] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4028] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4028] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4028] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4028] mkdir("./file0", 0777) = 0 [pid 4028] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4028] ioctl(4, LOOP_CLR_FD) = 0 [pid 4028] close(4) = 0 [pid 4028] close(3) = 0 [pid 4028] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4027] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] chdir("./file0") = 0 [pid 4028] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4027] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4028] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4028] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4027] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4027] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 4028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4027] <... mprotect resumed>) = 0 [pid 4027] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4031 attached [pid 4028] <... write resumed>) = 61 [pid 4027] <... clone resumed>, parent_tid=[4031], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4031 [pid 4028] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4027] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] set_robust_list(0x7f697cdce9e0, 24 [pid 4028] <... futex resumed>) = 0 [pid 4031] <... set_robust_list resumed>) = 0 [pid 4028] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4031] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4031] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4027] <... futex resumed>) = 0 [pid 4027] exit_group(0 [pid 4028] <... futex resumed>) = ? [pid 4027] <... exit_group resumed>) = ? [pid 4028] +++ exited with 0 +++ [pid 4031] +++ exited with 0 +++ [pid 4027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4027, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./739", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./739/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./739/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./739/binderfs") = 0 umount2("./739/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./739/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./739/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./739/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./739/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./739") = 0 mkdir("./740", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4032 ./strace-static-x86_64: Process 4032 attached [pid 4032] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4032] chdir("./740") = 0 [pid 4032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4032] setpgid(0, 0) = 0 [pid 4032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4032] write(3, "1000", 4) = 4 [pid 4032] close(3) = 0 [pid 4032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4032] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4032] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4032] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4033], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4033 [pid 4032] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4033 attached [pid 4033] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4033] memfd_create("syzkaller", 0) = 3 [pid 4033] ftruncate(3, 2097152) = 0 [pid 4033] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4033] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4033] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4033] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4033] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4033] mkdir("./file0", 0777) = 0 [pid 4033] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4033] ioctl(4, LOOP_CLR_FD) = 0 [pid 4033] close(4) = 0 [pid 4033] close(3) = 0 [pid 4033] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4032] <... futex resumed>) = 0 [pid 4032] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4033] <... futex resumed>) = 1 [pid 4033] chdir("./file0") = 0 [pid 4033] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4032] <... futex resumed>) = 0 [pid 4032] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4033] <... futex resumed>) = 1 [pid 4033] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4033] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4032] <... futex resumed>) = 0 [pid 4032] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4032] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4032] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4036], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4036 ./strace-static-x86_64: Process 4036 attached [pid 4032] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4033] <... futex resumed>) = 1 [pid 4033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4033] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4036] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4036] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4032] <... futex resumed>) = 0 [pid 4032] exit_group(0) = ? [pid 4033] <... futex resumed>) = ? [pid 4033] +++ exited with 0 +++ [pid 4036] <... futex resumed>) = ? [pid 4036] +++ exited with 0 +++ [pid 4032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4032, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./740", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./740/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./740/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./740/binderfs") = 0 umount2("./740/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./740/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./740/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./740/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./740/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./740") = 0 mkdir("./741", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4037 ./strace-static-x86_64: Process 4037 attached [pid 4037] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4037] chdir("./741") = 0 [pid 4037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4037] setpgid(0, 0) = 0 [pid 4037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4037] write(3, "1000", 4) = 4 [pid 4037] close(3) = 0 [pid 4037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4037] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4037] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4037] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4038], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4038 [pid 4037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4038 attached [pid 4038] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4038] memfd_create("syzkaller", 0) = 3 [pid 4038] ftruncate(3, 2097152) = 0 [pid 4038] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4038] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4038] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4038] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4038] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4038] mkdir("./file0", 0777) = 0 [pid 4038] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4038] ioctl(4, LOOP_CLR_FD) = 0 [pid 4038] close(4) = 0 [pid 4038] close(3) = 0 [pid 4038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = 0 [pid 4037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4038] <... futex resumed>) = 1 [pid 4038] chdir("./file0") = 0 [pid 4038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = 0 [pid 4037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4038] <... futex resumed>) = 1 [pid 4038] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = 0 [pid 4037] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4037] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4037] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4041], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4041 [pid 4037] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4037] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4038] <... futex resumed>) = 1 [pid 4038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4038] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4038] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4041 attached [pid 4041] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4041] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4041] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4037] <... futex resumed>) = 0 [pid 4037] exit_group(0 [pid 4038] <... futex resumed>) = ? [pid 4037] <... exit_group resumed>) = ? [pid 4038] +++ exited with 0 +++ [pid 4041] <... futex resumed>) = ? [pid 4041] +++ exited with 0 +++ [pid 4037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4037, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./741", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./741/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./741/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./741/binderfs") = 0 umount2("./741/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./741/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./741/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./741/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./741/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./741") = 0 mkdir("./742", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4042 ./strace-static-x86_64: Process 4042 attached [pid 4042] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4042] chdir("./742") = 0 [pid 4042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4042] setpgid(0, 0) = 0 [pid 4042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4042] write(3, "1000", 4) = 4 [pid 4042] close(3) = 0 [pid 4042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4042] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4042] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4042] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4043], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4043 ./strace-static-x86_64: Process 4043 attached [pid 4043] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4043] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4043] <... futex resumed>) = 0 [pid 4043] memfd_create("syzkaller", 0 [pid 4042] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4043] <... memfd_create resumed>) = 3 [pid 4043] ftruncate(3, 2097152) = 0 [pid 4043] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4043] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4043] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4043] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4043] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4043] mkdir("./file0", 0777) = 0 [pid 4043] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4043] ioctl(4, LOOP_CLR_FD) = 0 [pid 4043] close(4) = 0 [pid 4043] close(3) = 0 [pid 4043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4043] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] chdir("./file0" [pid 4042] <... futex resumed>) = 0 [pid 4043] <... chdir resumed>) = 0 [pid 4042] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4042] <... futex resumed>) = 0 [pid 4043] <... openat resumed>) = 3 [pid 4042] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4042] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4042] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4042] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4046 attached [pid 4043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4042] <... clone resumed>, parent_tid=[4046], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4046 [pid 4042] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] <... write resumed>) = 61 [pid 4046] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4043] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4043] <... futex resumed>) = 0 [pid 4043] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4046] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4046] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4042] exit_group(0 [pid 4043] <... futex resumed>) = ? [pid 4042] <... exit_group resumed>) = ? [pid 4043] +++ exited with 0 +++ [pid 4046] +++ exited with 0 +++ [pid 4042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4042, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./742", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./742/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./742/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./742/binderfs") = 0 umount2("./742/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./742/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./742/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./742/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./742/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./742") = 0 mkdir("./743", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4047 ./strace-static-x86_64: Process 4047 attached [pid 4047] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4047] chdir("./743") = 0 [pid 4047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4047] setpgid(0, 0) = 0 [pid 4047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4047] write(3, "1000", 4) = 4 [pid 4047] close(3) = 0 [pid 4047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4047] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4047] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4047] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4048], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4048 [pid 4047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4048 attached [pid 4048] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4048] memfd_create("syzkaller", 0) = 3 [pid 4048] ftruncate(3, 2097152) = 0 [pid 4048] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4048] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4048] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4048] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4048] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4048] mkdir("./file0", 0777) = 0 [pid 4048] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4048] ioctl(4, LOOP_CLR_FD) = 0 [pid 4048] close(4) = 0 [pid 4048] close(3) = 0 [pid 4048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4047] <... futex resumed>) = 0 [pid 4047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4048] chdir("./file0") = 0 [pid 4048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4047] <... futex resumed>) = 0 [pid 4048] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4047] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4048] <... futex resumed>) = 0 [pid 4048] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4047] <... futex resumed>) = 0 [pid 4047] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4047] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4047] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4051 attached , parent_tid=[4051], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4051 [pid 4047] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] set_robust_list(0x7f697cdce9e0, 24 [pid 4047] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4048] <... futex resumed>) = 1 [pid 4048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4051] <... set_robust_list resumed>) = 0 [pid 4048] <... write resumed>) = 61 [pid 4048] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4048] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4051] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4051] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4047] <... futex resumed>) = 0 [pid 4051] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4047] exit_group(0) = ? [pid 4048] <... futex resumed>) = ? [pid 4048] +++ exited with 0 +++ [pid 4051] <... futex resumed>) = ? [pid 4051] +++ exited with 0 +++ [pid 4047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4047, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./743", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./743/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./743/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./743/binderfs") = 0 umount2("./743/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./743/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./743/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./743/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./743/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./743") = 0 mkdir("./744", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4052 attached , child_tidptr=0x555555cf25d0) = 4052 [pid 4052] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4052] chdir("./744") = 0 [pid 4052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4052] setpgid(0, 0) = 0 [pid 4052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4052] write(3, "1000", 4) = 4 [pid 4052] close(3) = 0 [pid 4052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4052] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4052] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4052] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4053 attached , parent_tid=[4053], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4053 [pid 4053] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] <... futex resumed>) = 0 [pid 4052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4053] memfd_create("syzkaller", 0) = 3 [pid 4053] ftruncate(3, 2097152) = 0 [pid 4053] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4053] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4053] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4053] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4053] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4053] mkdir("./file0", 0777) = 0 [pid 4053] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4053] ioctl(4, LOOP_CLR_FD) = 0 [pid 4053] close(4) = 0 [pid 4053] close(3) = 0 [pid 4053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4052] <... futex resumed>) = 0 [pid 4052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] <... futex resumed>) = 0 [pid 4053] chdir("./file0") = 0 [pid 4053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... futex resumed>) = 0 [pid 4052] <... futex resumed>) = 1 [pid 4053] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4053] <... openat resumed>) = 3 [pid 4053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4052] <... futex resumed>) = 0 [pid 4052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... futex resumed>) = 0 [pid 4052] <... futex resumed>) = 1 [pid 4053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4052] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4053] <... futex resumed>) = 0 [pid 4052] <... futex resumed>) = 1 [pid 4053] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4052] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4053] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4053] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4052] <... futex resumed>) = 0 [pid 4052] exit_group(0 [pid 4053] <... futex resumed>) = ? [pid 4052] <... exit_group resumed>) = ? [pid 4053] +++ exited with 0 +++ [pid 4052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4052, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./744", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./744/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./744/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./744/binderfs") = 0 umount2("./744/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./744/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./744/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./744/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./744/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./744") = 0 mkdir("./745", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4056 ./strace-static-x86_64: Process 4056 attached [pid 4056] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4056] chdir("./745") = 0 [pid 4056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4056] setpgid(0, 0) = 0 [pid 4056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4056] write(3, "1000", 4) = 4 [pid 4056] close(3) = 0 [pid 4056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4056] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4056] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4056] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4057], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4057 [pid 4056] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4057 attached [pid 4057] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4057] memfd_create("syzkaller", 0) = 3 [pid 4057] ftruncate(3, 2097152) = 0 [pid 4057] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4057] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4057] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4057] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4057] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4057] mkdir("./file0", 0777) = 0 [pid 4057] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4057] ioctl(4, LOOP_CLR_FD) = 0 [pid 4057] close(4) = 0 [pid 4057] close(3) = 0 [pid 4057] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4057] <... futex resumed>) = 1 [pid 4057] chdir("./file0") = 0 [pid 4057] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4057] <... futex resumed>) = 1 [pid 4057] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4057] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4056] <... futex resumed>) = 0 [pid 4057] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4056] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4056] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4056] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4056] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4060 attached , parent_tid=[4060], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4060 [pid 4056] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4057] <... futex resumed>) = 0 [pid 4057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4057] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4057] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4060] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4060] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4060] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4056] exit_group(0) = ? [pid 4057] <... futex resumed>) = ? [pid 4057] +++ exited with 0 +++ [pid 4060] <... futex resumed>) = ? [pid 4060] +++ exited with 0 +++ [pid 4056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4056, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./745", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./745/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./745/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./745/binderfs") = 0 umount2("./745/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./745/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./745/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./745/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./745/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./745") = 0 mkdir("./746", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4061 ./strace-static-x86_64: Process 4061 attached [pid 4061] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4061] chdir("./746") = 0 [pid 4061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4061] setpgid(0, 0) = 0 [pid 4061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4061] write(3, "1000", 4) = 4 [pid 4061] close(3) = 0 [pid 4061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4061] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4061] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4061] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4062], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4062 [pid 4061] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4062 attached ) = 0 [pid 4062] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4061] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4062] memfd_create("syzkaller", 0) = 3 [pid 4062] ftruncate(3, 2097152) = 0 [pid 4062] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4062] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4062] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4062] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4062] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4062] mkdir("./file0", 0777) = 0 [pid 4062] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4062] ioctl(4, LOOP_CLR_FD) = 0 [pid 4062] close(4) = 0 [pid 4062] close(3) = 0 [pid 4062] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] <... futex resumed>) = 0 [pid 4062] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4061] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] chdir("./file0") = 0 [pid 4062] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] <... futex resumed>) = 0 [pid 4062] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4061] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4061] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4062] <... openat resumed>) = 3 [pid 4062] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4061] <... futex resumed>) = 0 [pid 4061] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4061] <... futex resumed>) = 0 [pid 4062] <... write resumed>) = 61 [pid 4061] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4062] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4062] <... futex resumed>) = 0 [pid 4062] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] <... mmap resumed>) = 0x7f697cdae000 [pid 4061] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4061] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4065 attached [pid 4065] set_robust_list(0x7f697cdce9e0, 24 [pid 4061] <... clone resumed>, parent_tid=[4065], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4065 [pid 4061] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] <... set_robust_list resumed>) = 0 [pid 4061] <... futex resumed>) = 0 [pid 4065] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4061] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4065] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4065] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4065] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4061] <... futex resumed>) = 0 [pid 4061] exit_group(0 [pid 4062] <... futex resumed>) = ? [pid 4061] <... exit_group resumed>) = ? [pid 4062] +++ exited with 0 +++ [pid 4065] <... futex resumed>) = ? [pid 4065] +++ exited with 0 +++ [pid 4061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4061, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./746", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./746/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./746/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./746/binderfs") = 0 umount2("./746/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./746/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./746/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./746/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./746/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./746") = 0 mkdir("./747", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4066 ./strace-static-x86_64: Process 4066 attached [pid 4066] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4066] chdir("./747") = 0 [pid 4066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4066] setpgid(0, 0) = 0 [pid 4066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4066] write(3, "1000", 4) = 4 [pid 4066] close(3) = 0 [pid 4066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4066] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4066] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4066] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4067], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4067 [pid 4066] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4067 attached [pid 4067] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4067] memfd_create("syzkaller", 0) = 3 [pid 4067] ftruncate(3, 2097152) = 0 [pid 4067] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4067] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4067] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4067] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4067] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4067] mkdir("./file0", 0777) = 0 [pid 4067] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4067] ioctl(4, LOOP_CLR_FD) = 0 [pid 4067] close(4) = 0 [pid 4067] close(3) = 0 [pid 4067] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] <... futex resumed>) = 0 [pid 4066] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4067] <... futex resumed>) = 1 [pid 4067] chdir("./file0") = 0 [pid 4067] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] <... futex resumed>) = 0 [pid 4066] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4067] <... futex resumed>) = 1 [pid 4067] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4067] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] <... futex resumed>) = 0 [pid 4066] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4066] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4066] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4070], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4070 [pid 4066] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4066] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4067] <... futex resumed>) = 1 [pid 4067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4067] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4067] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4070 attached [pid 4070] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4070] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4070] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] <... futex resumed>) = 0 [pid 4070] <... futex resumed>) = 1 [pid 4066] exit_group(0) = ? [pid 4067] <... futex resumed>) = 231 [pid 4067] +++ exited with 0 +++ [pid 4070] +++ exited with 0 +++ [pid 4066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4066, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./747", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./747/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./747/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./747/binderfs") = 0 umount2("./747/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./747/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./747/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./747/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./747/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./747") = 0 mkdir("./748", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4071 ./strace-static-x86_64: Process 4071 attached [pid 4071] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4071] chdir("./748") = 0 [pid 4071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4071] setpgid(0, 0) = 0 [pid 4071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4071] write(3, "1000", 4) = 4 [pid 4071] close(3) = 0 [pid 4071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4071] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4071] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4071] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4072], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4072 [pid 4071] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4072 attached [pid 4072] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4072] memfd_create("syzkaller", 0) = 3 [pid 4072] ftruncate(3, 2097152) = 0 [pid 4072] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4072] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4072] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4072] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4072] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4072] mkdir("./file0", 0777) = 0 [pid 4072] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4072] ioctl(4, LOOP_CLR_FD) = 0 [pid 4072] close(4) = 0 [pid 4072] close(3) = 0 [pid 4072] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] chdir("./file0") = 0 [pid 4072] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4072] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4072] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4071] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4071] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4075], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4075 [pid 4071] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4075 attached [pid 4075] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4075] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4075] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = 0 [pid 4075] <... futex resumed>) = 1 [pid 4075] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4072] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 4072] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4072] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4071] exit_group(0) = ? [pid 4072] <... futex resumed>) = ? [pid 4072] +++ exited with 0 +++ [pid 4075] <... futex resumed>) = ? [pid 4075] +++ exited with 0 +++ [pid 4071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4071, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./748", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./748/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./748/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./748/binderfs") = 0 umount2("./748/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./748/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./748/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./748/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./748/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./748") = 0 mkdir("./749", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4076 ./strace-static-x86_64: Process 4076 attached [pid 4076] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4076] chdir("./749") = 0 [pid 4076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4076] setpgid(0, 0) = 0 [pid 4076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4076] write(3, "1000", 4) = 4 [pid 4076] close(3) = 0 [pid 4076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4076] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4076] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4076] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4077], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4077 [pid 4076] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4076] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4077 attached [pid 4077] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4077] memfd_create("syzkaller", 0) = 3 [pid 4077] ftruncate(3, 2097152) = 0 [pid 4077] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4077] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4077] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4077] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4077] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4077] mkdir("./file0", 0777) = 0 [pid 4077] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4077] ioctl(4, LOOP_CLR_FD) = 0 [pid 4077] close(4) = 0 [pid 4077] close(3) = 0 [pid 4077] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4077] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... futex resumed>) = 0 [pid 4077] chdir("./file0") = 0 [pid 4077] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4076] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4076] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4077] <... openat resumed>) = 3 [pid 4077] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4076] <... futex resumed>) = 0 [pid 4076] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4076] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... write resumed>) = 61 [pid 4076] <... futex resumed>) = 0 [pid 4077] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4077] <... futex resumed>) = 0 [pid 4076] <... mmap resumed>) = 0x7f697cdae000 [pid 4077] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4076] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4076] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4080], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4080 [pid 4076] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4076] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4080 attached [pid 4080] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4080] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4080] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4076] <... futex resumed>) = 0 [pid 4076] exit_group(0 [pid 4077] <... futex resumed>) = ? [pid 4076] <... exit_group resumed>) = ? [pid 4077] +++ exited with 0 +++ [pid 4080] <... futex resumed>) = ? [pid 4080] +++ exited with 0 +++ [pid 4076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4076, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./749", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./749/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./749/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./749/binderfs") = 0 umount2("./749/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./749/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./749/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./749/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./749/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./749") = 0 mkdir("./750", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4081 ./strace-static-x86_64: Process 4081 attached [pid 4081] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4081] chdir("./750") = 0 [pid 4081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4081] setpgid(0, 0) = 0 [pid 4081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4081] write(3, "1000", 4) = 4 [pid 4081] close(3) = 0 [pid 4081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4081] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4081] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4081] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4082], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4082 [pid 4081] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4081] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4082 attached [pid 4082] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4082] memfd_create("syzkaller", 0) = 3 [pid 4082] ftruncate(3, 2097152) = 0 [pid 4082] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4082] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4082] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4082] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4082] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4082] mkdir("./file0", 0777) = 0 [pid 4082] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4082] ioctl(4, LOOP_CLR_FD) = 0 [pid 4082] close(4) = 0 [pid 4082] close(3) = 0 [pid 4082] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4081] <... futex resumed>) = 0 [pid 4082] <... futex resumed>) = 1 [pid 4081] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4082] chdir("./file0" [pid 4081] <... futex resumed>) = 0 [pid 4081] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4082] <... chdir resumed>) = 0 [pid 4082] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4081] <... futex resumed>) = 0 [pid 4081] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4082] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4081] <... futex resumed>) = 0 [pid 4081] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4082] <... openat resumed>) = 3 [pid 4082] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4081] <... futex resumed>) = 0 [pid 4081] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4081] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4082] <... futex resumed>) = 1 [pid 4081] <... futex resumed>) = 0 [pid 4082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4081] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 4082] <... write resumed>) = 61 [pid 4081] <... mprotect resumed>) = 0 [pid 4081] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4082] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4081] <... clone resumed>, parent_tid=[4085], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4085 [pid 4081] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4082] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4081] <... futex resumed>) = 0 [pid 4081] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4085 attached [pid 4085] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4085] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4085] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4081] <... futex resumed>) = 0 [pid 4081] exit_group(0) = ? [pid 4082] <... futex resumed>) = ? [pid 4082] +++ exited with 0 +++ [pid 4085] <... futex resumed>) = ? [pid 4085] +++ exited with 0 +++ [pid 4081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4081, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./750", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./750/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./750/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./750/binderfs") = 0 umount2("./750/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./750/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./750/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./750/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./750/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./750") = 0 mkdir("./751", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4086 ./strace-static-x86_64: Process 4086 attached [pid 4086] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4086] chdir("./751") = 0 [pid 4086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4086] setpgid(0, 0) = 0 [pid 4086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4086] write(3, "1000", 4) = 4 [pid 4086] close(3) = 0 [pid 4086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4086] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4086] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4086] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4087], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4087 [pid 4086] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4087 attached [pid 4087] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4087] memfd_create("syzkaller", 0) = 3 [pid 4087] ftruncate(3, 2097152) = 0 [pid 4087] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4087] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4087] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4087] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4087] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4087] mkdir("./file0", 0777) = 0 [pid 4087] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4087] ioctl(4, LOOP_CLR_FD) = 0 [pid 4087] close(4) = 0 [pid 4087] close(3) = 0 [pid 4087] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4086] <... futex resumed>) = 0 [pid 4087] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4086] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... futex resumed>) = 0 [pid 4086] <... futex resumed>) = 1 [pid 4087] chdir("./file0" [pid 4086] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4087] <... chdir resumed>) = 0 [pid 4087] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4086] <... futex resumed>) = 0 [pid 4087] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4086] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... openat resumed>) = 3 [pid 4086] <... futex resumed>) = 0 [pid 4087] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4087] <... futex resumed>) = 0 [pid 4086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4086] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... write resumed>) = 61 [pid 4086] <... futex resumed>) = 0 [pid 4087] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... futex resumed>) = 0 [pid 4086] <... futex resumed>) = 0 [pid 4087] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4086] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4086] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4090], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4090 [pid 4086] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4090 attached [pid 4090] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4090] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4090] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] <... futex resumed>) = 0 [pid 4086] exit_group(0 [pid 4087] <... futex resumed>) = ? [pid 4086] <... exit_group resumed>) = ? [pid 4090] <... futex resumed>) = ? [pid 4087] +++ exited with 0 +++ [pid 4090] +++ exited with 0 +++ [pid 4086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4086, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./751", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./751/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./751/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./751/binderfs") = 0 umount2("./751/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./751/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./751/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./751/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./751/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./751") = 0 mkdir("./752", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4091 ./strace-static-x86_64: Process 4091 attached [pid 4091] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4091] chdir("./752") = 0 [pid 4091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4091] setpgid(0, 0) = 0 [pid 4091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4091] write(3, "1000", 4) = 4 [pid 4091] close(3) = 0 [pid 4091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4091] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4091] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4091] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4092], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4092 [pid 4091] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4092 attached [pid 4092] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4092] memfd_create("syzkaller", 0) = 3 [pid 4092] ftruncate(3, 2097152) = 0 [pid 4092] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4092] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4092] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4092] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4092] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4092] mkdir("./file0", 0777) = 0 [pid 4092] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4092] ioctl(4, LOOP_CLR_FD) = 0 [pid 4092] close(4) = 0 [pid 4092] close(3) = 0 [pid 4092] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4091] <... futex resumed>) = 0 [pid 4091] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] <... futex resumed>) = 1 [pid 4092] chdir("./file0") = 0 [pid 4092] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4091] <... futex resumed>) = 0 [pid 4091] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] <... futex resumed>) = 1 [pid 4091] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4092] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4091] <... futex resumed>) = 0 [pid 4091] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4091] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4091] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4095], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4095 [pid 4091] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4091] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4092] <... futex resumed>) = 1 ./strace-static-x86_64: Process 4095 attached [pid 4092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4095] set_robust_list(0x7f697cdce9e0, 24 [pid 4092] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4095] <... set_robust_list resumed>) = 0 [pid 4095] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4095] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4091] <... futex resumed>) = 0 [pid 4091] exit_group(0) = ? [pid 4092] <... futex resumed>) = ? [pid 4092] +++ exited with 0 +++ [pid 4095] <... futex resumed>) = ? [pid 4095] +++ exited with 0 +++ [pid 4091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4091, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./752", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./752/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./752/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./752/binderfs") = 0 umount2("./752/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./752/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./752/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./752/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./752/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./752") = 0 mkdir("./753", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4096 ./strace-static-x86_64: Process 4096 attached [pid 4096] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4096] chdir("./753") = 0 [pid 4096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4096] setpgid(0, 0) = 0 [pid 4096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4096] write(3, "1000", 4) = 4 [pid 4096] close(3) = 0 [pid 4096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4096] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4096] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4096] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4097], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4097 [pid 4096] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4097 attached [pid 4097] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4097] memfd_create("syzkaller", 0) = 3 [pid 4097] ftruncate(3, 2097152) = 0 [pid 4097] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4097] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4097] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4097] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4097] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4097] mkdir("./file0", 0777) = 0 [pid 4097] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4097] ioctl(4, LOOP_CLR_FD) = 0 [pid 4097] close(4) = 0 [pid 4097] close(3) = 0 [pid 4097] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4096] <... futex resumed>) = 0 [pid 4096] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4097] <... futex resumed>) = 1 [pid 4097] chdir("./file0") = 0 [pid 4097] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4096] <... futex resumed>) = 0 [pid 4096] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4097] <... futex resumed>) = 1 [pid 4097] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4097] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4096] <... futex resumed>) = 0 [pid 4096] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4096] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4096] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4100], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4100 [pid 4096] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4096] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4097] <... futex resumed>) = 1 [pid 4097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 ./strace-static-x86_64: Process 4100 attached [pid 4100] set_robust_list(0x7f697cdce9e0, 24 [pid 4097] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4097] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4100] <... set_robust_list resumed>) = 0 [pid 4100] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4100] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4096] <... futex resumed>) = 0 [pid 4096] exit_group(0) = ? [pid 4097] <... futex resumed>) = ? [pid 4097] +++ exited with 0 +++ [pid 4100] <... futex resumed>) = ? [pid 4100] +++ exited with 0 +++ [pid 4096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4096, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./753", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./753/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./753/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./753/binderfs") = 0 umount2("./753/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./753/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./753/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./753/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./753/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./753") = 0 mkdir("./754", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4101 ./strace-static-x86_64: Process 4101 attached [pid 4101] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4101] chdir("./754") = 0 [pid 4101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4101] setpgid(0, 0) = 0 [pid 4101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4101] write(3, "1000", 4) = 4 [pid 4101] close(3) = 0 [pid 4101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4101] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4101] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4101] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4102], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4102 [pid 4101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4102 attached [pid 4102] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4102] memfd_create("syzkaller", 0) = 3 [pid 4102] ftruncate(3, 2097152) = 0 [pid 4102] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4102] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4102] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4102] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4102] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4102] mkdir("./file0", 0777) = 0 [pid 4102] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4102] ioctl(4, LOOP_CLR_FD) = 0 [pid 4102] close(4) = 0 [pid 4102] close(3) = 0 [pid 4102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4101] <... futex resumed>) = 0 [pid 4102] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4102] chdir("./file0" [pid 4101] <... futex resumed>) = 0 [pid 4102] <... chdir resumed>) = 0 [pid 4102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4101] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4102] <... futex resumed>) = 0 [pid 4102] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4102] <... futex resumed>) = 0 [pid 4101] <... futex resumed>) = 1 [pid 4102] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4101] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4102] <... openat resumed>) = 3 [pid 4102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4101] <... futex resumed>) = 0 [pid 4102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4101] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4102] <... write resumed>) = 61 [pid 4101] <... futex resumed>) = 0 [pid 4102] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4101] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4102] <... futex resumed>) = 0 [pid 4101] <... futex resumed>) = 0 [pid 4102] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4101] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4101] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4105], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4105 [pid 4101] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4105 attached [pid 4101] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4105] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4105] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4105] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4101] <... futex resumed>) = 0 [pid 4101] exit_group(0 [pid 4102] <... futex resumed>) = ? [pid 4101] <... exit_group resumed>) = ? [pid 4102] +++ exited with 0 +++ [pid 4105] <... futex resumed>) = ? [pid 4105] +++ exited with 0 +++ [pid 4101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4101, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./754", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./754/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./754/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./754/binderfs") = 0 umount2("./754/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./754/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./754/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./754/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./754/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./754") = 0 mkdir("./755", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4106 ./strace-static-x86_64: Process 4106 attached [pid 4106] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4106] chdir("./755") = 0 [pid 4106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4106] setpgid(0, 0) = 0 [pid 4106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4106] write(3, "1000", 4) = 4 [pid 4106] close(3) = 0 [pid 4106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4106] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4106] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4106] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4107], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4107 [pid 4106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4107 attached [pid 4107] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4107] memfd_create("syzkaller", 0) = 3 [pid 4107] ftruncate(3, 2097152) = 0 [pid 4107] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4107] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4107] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4107] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4107] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4107] mkdir("./file0", 0777) = 0 [pid 4107] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4107] ioctl(4, LOOP_CLR_FD) = 0 [pid 4107] close(4) = 0 [pid 4107] close(3) = 0 [pid 4107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4106] <... futex resumed>) = 0 [pid 4106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4107] chdir("./file0") = 0 [pid 4107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4106] <... futex resumed>) = 0 [pid 4106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4107] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4106] <... futex resumed>) = 0 [pid 4106] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4106] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4106] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4110 attached [pid 4107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4106] <... clone resumed>, parent_tid=[4110], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4110 [pid 4106] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4106] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4110] set_robust_list(0x7f697cdce9e0, 24 [pid 4107] <... write resumed>) = 61 [pid 4110] <... set_robust_list resumed>) = 0 [pid 4107] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4110] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4110] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4110] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4106] <... futex resumed>) = 0 [pid 4106] exit_group(0 [pid 4110] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = ? [pid 4106] <... exit_group resumed>) = ? [pid 4107] +++ exited with 0 +++ [pid 4110] <... futex resumed>) = ? [pid 4110] +++ exited with 0 +++ [pid 4106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4106, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./755", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./755/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./755/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./755/binderfs") = 0 umount2("./755/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./755/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./755/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./755/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./755/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./755") = 0 mkdir("./756", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4111 ./strace-static-x86_64: Process 4111 attached [pid 4111] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4111] chdir("./756") = 0 [pid 4111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4111] setpgid(0, 0) = 0 [pid 4111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4111] write(3, "1000", 4) = 4 [pid 4111] close(3) = 0 [pid 4111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4111] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4111] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4111] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4112], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4112 [pid 4111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4112 attached [pid 4112] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4112] memfd_create("syzkaller", 0) = 3 [pid 4112] ftruncate(3, 2097152) = 0 [pid 4112] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4112] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4112] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4112] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4112] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4112] mkdir("./file0", 0777) = 0 [pid 4112] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4112] ioctl(4, LOOP_CLR_FD) = 0 [pid 4112] close(4) = 0 [pid 4112] close(3) = 0 [pid 4112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4111] <... futex resumed>) = 0 [pid 4111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4112] chdir("./file0") = 0 [pid 4112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4111] <... futex resumed>) = 0 [pid 4111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4112] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4111] <... futex resumed>) = 0 [pid 4111] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4111] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4112] <... write resumed>) = 61 [pid 4111] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4112] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4111] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4112] <... futex resumed>) = 0 [pid 4112] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4111] <... clone resumed>, parent_tid=[4115], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4115 ./strace-static-x86_64: Process 4115 attached [pid 4111] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4115] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4115] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4115] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4111] <... futex resumed>) = 0 [pid 4111] exit_group(0) = ? [pid 4115] <... futex resumed>) = ? [pid 4112] <... futex resumed>) = ? [pid 4115] +++ exited with 0 +++ [pid 4112] +++ exited with 0 +++ [pid 4111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4111, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./756", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./756/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./756/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./756/binderfs") = 0 umount2("./756/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./756/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./756/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./756/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./756/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./756") = 0 mkdir("./757", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4116 ./strace-static-x86_64: Process 4116 attached [pid 4116] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4116] chdir("./757") = 0 [pid 4116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4116] setpgid(0, 0) = 0 [pid 4116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4116] write(3, "1000", 4) = 4 [pid 4116] close(3) = 0 [pid 4116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4116] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4116] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4116] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4117 attached , parent_tid=[4117], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4117 [pid 4116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4116] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4117] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4117] memfd_create("syzkaller", 0) = 3 [pid 4117] ftruncate(3, 2097152) = 0 [pid 4117] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4117] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4117] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4117] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4117] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4117] mkdir("./file0", 0777) = 0 [pid 4117] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4117] ioctl(4, LOOP_CLR_FD) = 0 [pid 4117] close(4) = 0 [pid 4117] close(3) = 0 [pid 4117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4116] <... futex resumed>) = 0 [pid 4116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] chdir("./file0") = 0 [pid 4117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4117] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 4116] <... futex resumed>) = 1 [pid 4117] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4117] <... futex resumed>) = 0 [pid 4117] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4116] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4117] <... openat resumed>) = 3 [pid 4117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4117] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] <... futex resumed>) = 0 [pid 4116] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] <... futex resumed>) = 0 [pid 4116] <... futex resumed>) = 1 [pid 4117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4116] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] <... write resumed>) = 61 [pid 4116] <... futex resumed>) = 0 [pid 4117] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4117] <... futex resumed>) = 0 [pid 4116] <... mmap resumed>) = 0x7f697cdae000 [pid 4117] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4116] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4120 attached , parent_tid=[4120], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4120 [pid 4120] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4120] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4120] <... futex resumed>) = 0 [pid 4116] <... futex resumed>) = 1 [pid 4120] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4116] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4120] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4120] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4116] <... futex resumed>) = 0 [pid 4116] exit_group(0) = ? [pid 4117] <... futex resumed>) = ? [pid 4117] +++ exited with 0 +++ [pid 4120] +++ exited with 0 +++ [pid 4116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4116, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./757", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./757/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./757/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./757/binderfs") = 0 umount2("./757/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./757/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./757/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./757/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./757/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./757") = 0 mkdir("./758", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4121 ./strace-static-x86_64: Process 4121 attached [pid 4121] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4121] chdir("./758") = 0 [pid 4121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4121] setpgid(0, 0) = 0 [pid 4121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4121] write(3, "1000", 4) = 4 [pid 4121] close(3) = 0 [pid 4121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4121] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4121] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4121] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4122], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4122 [pid 4121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4122 attached [pid 4122] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4122] memfd_create("syzkaller", 0) = 3 [pid 4122] ftruncate(3, 2097152) = 0 [pid 4122] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4122] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4122] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4122] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4122] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4122] mkdir("./file0", 0777) = 0 [pid 4122] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4122] ioctl(4, LOOP_CLR_FD) = 0 [pid 4122] close(4) = 0 [pid 4122] close(3) = 0 [pid 4122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4121] <... futex resumed>) = 0 [pid 4121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4122] <... futex resumed>) = 1 [pid 4122] chdir("./file0") = 0 [pid 4122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4121] <... futex resumed>) = 0 [pid 4121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4122] <... futex resumed>) = 1 [pid 4122] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4121] <... futex resumed>) = 0 [pid 4121] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4121] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4121] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4125], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4125 [pid 4121] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4121] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4122] <... futex resumed>) = 1 [pid 4122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4122] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4125 attached [pid 4125] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4125] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4125] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4121] <... futex resumed>) = 0 [pid 4125] <... futex resumed>) = 1 [pid 4121] exit_group(0) = ? [pid 4122] <... futex resumed>) = ? [pid 4125] +++ exited with 0 +++ [pid 4122] +++ exited with 0 +++ [pid 4121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4121, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./758", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./758/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./758/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./758/binderfs") = 0 umount2("./758/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./758/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./758/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./758/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./758/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./758") = 0 mkdir("./759", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4126 ./strace-static-x86_64: Process 4126 attached [pid 4126] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4126] chdir("./759") = 0 [pid 4126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4126] setpgid(0, 0) = 0 [pid 4126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4126] write(3, "1000", 4) = 4 [pid 4126] close(3) = 0 [pid 4126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4126] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4126] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4126] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4127], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4127 [pid 4126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4127 attached [pid 4127] set_robust_list(0x7f697cdef9e0, 24 [pid 4126] <... futex resumed>) = 0 [pid 4127] <... set_robust_list resumed>) = 0 [pid 4126] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4127] memfd_create("syzkaller", 0) = 3 [pid 4127] ftruncate(3, 2097152) = 0 [pid 4127] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4127] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4127] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4127] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4127] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4127] mkdir("./file0", 0777) = 0 [pid 4127] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4127] ioctl(4, LOOP_CLR_FD) = 0 [pid 4127] close(4) = 0 [pid 4127] close(3) = 0 [pid 4127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4127] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4126] <... futex resumed>) = 0 [pid 4126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4127] <... futex resumed>) = 0 [pid 4127] chdir("./file0") = 0 [pid 4127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4127] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4126] <... futex resumed>) = 1 [pid 4126] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4127] <... futex resumed>) = 0 [pid 4127] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4126] <... futex resumed>) = 1 [pid 4126] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4127] <... openat resumed>) = 3 [pid 4127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4126] <... futex resumed>) = 0 [pid 4127] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4126] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4127] <... futex resumed>) = 0 [pid 4126] <... futex resumed>) = 1 [pid 4127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4126] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4127] <... write resumed>) = 61 [pid 4126] <... futex resumed>) = 0 [pid 4127] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4127] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4126] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4126] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4130 attached [pid 4130] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4130] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4126] <... clone resumed>, parent_tid=[4130], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4130 [pid 4126] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4130] <... futex resumed>) = 0 [pid 4126] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4130] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4126] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4126] exit_group(0 [pid 4130] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4127] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 4126] <... exit_group resumed>) = ? [pid 4127] +++ exited with 0 +++ [pid 4130] <... futex resumed>) = ? [pid 4130] +++ exited with 0 +++ [pid 4126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4126, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./759", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./759/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./759/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./759/binderfs") = 0 umount2("./759/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./759/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./759/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./759/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./759/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./759") = 0 mkdir("./760", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4131 ./strace-static-x86_64: Process 4131 attached [pid 4131] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4131] chdir("./760") = 0 [pid 4131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4131] setpgid(0, 0) = 0 [pid 4131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4131] write(3, "1000", 4) = 4 [pid 4131] close(3) = 0 [pid 4131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4131] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4131] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4131] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4132], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4132 [pid 4131] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4132 attached [pid 4132] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4132] memfd_create("syzkaller", 0) = 3 [pid 4132] ftruncate(3, 2097152) = 0 [pid 4132] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4132] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4132] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4132] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4132] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4132] mkdir("./file0", 0777) = 0 [pid 4132] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4132] ioctl(4, LOOP_CLR_FD) = 0 [pid 4132] close(4) = 0 [pid 4132] close(3) = 0 [pid 4132] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4131] <... futex resumed>) = 0 [pid 4131] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4132] <... futex resumed>) = 1 [pid 4132] chdir("./file0") = 0 [pid 4132] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4131] <... futex resumed>) = 0 [pid 4131] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4132] <... futex resumed>) = 1 [pid 4132] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4132] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4131] <... futex resumed>) = 0 [pid 4131] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4131] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4131] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4135], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4135 [pid 4131] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4132] <... futex resumed>) = 1 [pid 4132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4132] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4132] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4135 attached [pid 4135] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4135] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4135] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4131] <... futex resumed>) = 0 [pid 4135] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4131] exit_group(0) = ? [pid 4132] <... futex resumed>) = 231 [pid 4132] +++ exited with 0 +++ [pid 4135] <... futex resumed>) = ? [pid 4135] +++ exited with 0 +++ [pid 4131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4131, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./760", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./760/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./760/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./760/binderfs") = 0 umount2("./760/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./760/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./760/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./760/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./760/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./760") = 0 mkdir("./761", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4136 ./strace-static-x86_64: Process 4136 attached [pid 4136] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4136] chdir("./761") = 0 [pid 4136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4136] setpgid(0, 0) = 0 [pid 4136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4136] write(3, "1000", 4) = 4 [pid 4136] close(3) = 0 [pid 4136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4136] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4136] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4136] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4137], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4137 [pid 4136] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4136] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4137 attached [pid 4137] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4137] memfd_create("syzkaller", 0) = 3 [pid 4137] ftruncate(3, 2097152) = 0 [pid 4137] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4137] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4137] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4137] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4137] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4137] mkdir("./file0", 0777) = 0 [pid 4137] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4137] ioctl(4, LOOP_CLR_FD) = 0 [pid 4137] close(4) = 0 [pid 4137] close(3) = 0 [pid 4137] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4136] <... futex resumed>) = 0 [pid 4137] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4136] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4137] chdir("./file0" [pid 4136] <... futex resumed>) = 0 [pid 4136] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4137] <... chdir resumed>) = 0 [pid 4137] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4136] <... futex resumed>) = 0 [pid 4137] <... futex resumed>) = 1 [pid 4136] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4137] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4136] <... futex resumed>) = 0 [pid 4136] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4137] <... openat resumed>) = 3 [pid 4137] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4136] <... futex resumed>) = 0 [pid 4137] <... futex resumed>) = 1 [pid 4136] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4136] <... futex resumed>) = 0 [pid 4136] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4137] <... write resumed>) = 61 [pid 4136] <... mmap resumed>) = 0x7f697cdae000 [pid 4137] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4136] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 4137] <... futex resumed>) = 0 [pid 4136] <... mprotect resumed>) = 0 [pid 4137] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4136] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4140 attached , parent_tid=[4140], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4140 [pid 4136] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4140] set_robust_list(0x7f697cdce9e0, 24 [pid 4136] <... futex resumed>) = 0 [pid 4140] <... set_robust_list resumed>) = 0 [pid 4136] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4140] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4140] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4136] <... futex resumed>) = 0 [pid 4136] exit_group(0) = ? [pid 4137] <... futex resumed>) = ? [pid 4140] +++ exited with 0 +++ [pid 4137] +++ exited with 0 +++ [pid 4136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4136, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./761", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./761/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./761/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./761/binderfs") = 0 umount2("./761/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./761/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./761/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./761/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./761/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./761") = 0 mkdir("./762", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4141 ./strace-static-x86_64: Process 4141 attached [pid 4141] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4141] chdir("./762") = 0 [pid 4141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4141] setpgid(0, 0) = 0 [pid 4141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4141] write(3, "1000", 4) = 4 [pid 4141] close(3) = 0 [pid 4141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4141] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4141] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4141] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4142], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4142 [pid 4141] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4141] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4142 attached [pid 4142] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4142] memfd_create("syzkaller", 0) = 3 [pid 4142] ftruncate(3, 2097152) = 0 [pid 4142] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4142] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4142] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4142] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4142] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4142] mkdir("./file0", 0777) = 0 [pid 4142] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4142] ioctl(4, LOOP_CLR_FD) = 0 [pid 4142] close(4) = 0 [pid 4142] close(3) = 0 [pid 4142] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4141] <... futex resumed>) = 0 [pid 4142] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4141] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4141] <... futex resumed>) = 0 [pid 4142] chdir("./file0" [pid 4141] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4142] <... chdir resumed>) = 0 [pid 4142] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4141] <... futex resumed>) = 0 [pid 4142] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4141] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4141] <... futex resumed>) = 0 [pid 4142] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4141] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4142] <... openat resumed>) = 3 [pid 4142] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4141] <... futex resumed>) = 0 [pid 4142] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4141] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4141] <... futex resumed>) = 0 [pid 4142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4141] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4142] <... write resumed>) = 61 [pid 4141] <... futex resumed>) = 0 [pid 4142] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4142] <... futex resumed>) = 0 [pid 4141] <... mmap resumed>) = 0x7f697cdae000 [pid 4142] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4141] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4141] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4145], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4145 [pid 4141] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4141] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4145 attached [pid 4145] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4145] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4145] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4145] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4141] <... futex resumed>) = 0 [pid 4141] exit_group(0) = ? [pid 4145] <... futex resumed>) = ? [pid 4145] +++ exited with 0 +++ [pid 4142] <... futex resumed>) = ? [pid 4142] +++ exited with 0 +++ [pid 4141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4141, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./762", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./762/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./762/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./762/binderfs") = 0 umount2("./762/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./762/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./762/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./762/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./762/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./762") = 0 mkdir("./763", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4146 ./strace-static-x86_64: Process 4146 attached [pid 4146] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4146] chdir("./763") = 0 [pid 4146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4146] setpgid(0, 0) = 0 [pid 4146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4146] write(3, "1000", 4) = 4 [pid 4146] close(3) = 0 [pid 4146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4146] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4146] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4146] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4147], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4147 ./strace-static-x86_64: Process 4147 attached [pid 4146] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] set_robust_list(0x7f697cdef9e0, 24 [pid 4146] <... futex resumed>) = 0 [pid 4147] <... set_robust_list resumed>) = 0 [pid 4146] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4147] memfd_create("syzkaller", 0) = 3 [pid 4147] ftruncate(3, 2097152) = 0 [pid 4147] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4147] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4147] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4147] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4147] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4147] mkdir("./file0", 0777) = 0 [pid 4147] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4147] ioctl(4, LOOP_CLR_FD) = 0 [pid 4147] close(4) = 0 [pid 4147] close(3) = 0 [pid 4147] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4146] <... futex resumed>) = 0 [pid 4146] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4147] <... futex resumed>) = 1 [pid 4147] chdir("./file0") = 0 [pid 4147] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4146] <... futex resumed>) = 0 [pid 4146] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4147] <... futex resumed>) = 1 [pid 4147] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4147] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4146] <... futex resumed>) = 0 [pid 4147] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4146] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4146] <... futex resumed>) = 0 [pid 4147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4146] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] <... write resumed>) = 61 [pid 4147] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4147] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4146] <... futex resumed>) = 0 [pid 4146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4146] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4146] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4150], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4150 [pid 4146] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4150 attached [pid 4150] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4150] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4150] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4146] <... futex resumed>) = 0 [pid 4146] exit_group(0 [pid 4147] <... futex resumed>) = ? [pid 4146] <... exit_group resumed>) = ? [pid 4147] +++ exited with 0 +++ [pid 4150] <... futex resumed>) = ? [pid 4150] +++ exited with 0 +++ [pid 4146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4146, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./763", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./763/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./763/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./763/binderfs") = 0 umount2("./763/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./763/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./763/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./763/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./763/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./763") = 0 mkdir("./764", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4151 ./strace-static-x86_64: Process 4151 attached [pid 4151] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4151] chdir("./764") = 0 [pid 4151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4151] setpgid(0, 0) = 0 [pid 4151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4151] write(3, "1000", 4) = 4 [pid 4151] close(3) = 0 [pid 4151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4151] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4151] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4151] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4152], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4152 [pid 4151] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4152 attached [pid 4152] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4152] memfd_create("syzkaller", 0) = 3 [pid 4152] ftruncate(3, 2097152) = 0 [pid 4152] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4152] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4152] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4152] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4152] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4152] mkdir("./file0", 0777) = 0 [pid 4152] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4152] ioctl(4, LOOP_CLR_FD) = 0 [pid 4152] close(4) = 0 [pid 4152] close(3) = 0 [pid 4152] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... futex resumed>) = 1 [pid 4152] chdir("./file0") = 0 [pid 4152] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... futex resumed>) = 1 [pid 4152] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4152] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4151] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4151] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4155], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4155 [pid 4151] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... futex resumed>) = 1 [pid 4152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4152] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4155 attached [pid 4155] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4155] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4155] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 0 [pid 4151] exit_group(0) = ? [pid 4152] <... futex resumed>) = ? [pid 4152] +++ exited with 0 +++ [pid 4155] <... futex resumed>) = ? [pid 4155] +++ exited with 0 +++ [pid 4151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4151, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./764", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./764/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./764/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./764/binderfs") = 0 umount2("./764/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./764/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./764/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./764/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./764/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./764") = 0 mkdir("./765", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4156 ./strace-static-x86_64: Process 4156 attached [pid 4156] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4156] chdir("./765") = 0 [pid 4156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4156] setpgid(0, 0) = 0 [pid 4156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4156] write(3, "1000", 4) = 4 [pid 4156] close(3) = 0 [pid 4156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4156] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4156] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4156] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4157], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4157 [pid 4156] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4157 attached [pid 4157] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4157] memfd_create("syzkaller", 0) = 3 [pid 4157] ftruncate(3, 2097152) = 0 [pid 4157] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4157] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4157] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4157] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4157] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4157] mkdir("./file0", 0777) = 0 [pid 4157] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4157] ioctl(4, LOOP_CLR_FD) = 0 [pid 4157] close(4) = 0 [pid 4157] close(3) = 0 [pid 4157] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = 0 [pid 4156] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4157] <... futex resumed>) = 1 [pid 4157] chdir("./file0") = 0 [pid 4157] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = 0 [pid 4157] <... futex resumed>) = 1 [pid 4156] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4157] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4157] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = 0 [pid 4156] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4156] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4156] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4160], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4160 [pid 4156] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4156] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4157] <... futex resumed>) = 1 [pid 4157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4157] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4157] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4160 attached [pid 4160] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4160] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4160] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = 0 [pid 4156] exit_group(0) = ? [pid 4157] <... futex resumed>) = ? [pid 4157] +++ exited with 0 +++ [pid 4160] <... futex resumed>) = ? [pid 4160] +++ exited with 0 +++ [pid 4156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4156, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./765", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./765/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./765/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./765/binderfs") = 0 umount2("./765/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./765/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./765/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./765/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./765/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./765") = 0 mkdir("./766", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4161 ./strace-static-x86_64: Process 4161 attached [pid 4161] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4161] chdir("./766") = 0 [pid 4161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4161] setpgid(0, 0) = 0 [pid 4161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4161] write(3, "1000", 4) = 4 [pid 4161] close(3) = 0 [pid 4161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4161] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4161] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4161] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4162], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4162 [pid 4161] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4162 attached [pid 4162] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4162] memfd_create("syzkaller", 0) = 3 [pid 4162] ftruncate(3, 2097152) = 0 [pid 4162] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4162] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4162] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4162] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4162] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4162] mkdir("./file0", 0777) = 0 [pid 4162] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4162] ioctl(4, LOOP_CLR_FD) = 0 [pid 4162] close(4) = 0 [pid 4162] close(3) = 0 [pid 4162] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4161] <... futex resumed>) = 0 [pid 4161] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4162] <... futex resumed>) = 1 [pid 4162] chdir("./file0") = 0 [pid 4162] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4161] <... futex resumed>) = 0 [pid 4161] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4162] <... futex resumed>) = 1 [pid 4162] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4162] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4161] <... futex resumed>) = 0 [pid 4161] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4161] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4161] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4165 attached , parent_tid=[4165], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4165 [pid 4161] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4162] <... futex resumed>) = 1 [pid 4161] <... futex resumed>) = 0 [pid 4162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4161] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4162] <... write resumed>) = 61 [pid 4162] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4162] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4165] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4165] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4165] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4161] <... futex resumed>) = 0 [pid 4165] <... futex resumed>) = 1 [pid 4161] exit_group(0) = ? [pid 4162] <... futex resumed>) = ? [pid 4162] +++ exited with 0 +++ [pid 4165] +++ exited with 0 +++ [pid 4161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4161, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./766", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./766/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./766/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./766/binderfs") = 0 umount2("./766/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./766/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./766/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./766/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./766/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./766") = 0 mkdir("./767", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4166 ./strace-static-x86_64: Process 4166 attached [pid 4166] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4166] chdir("./767") = 0 [pid 4166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4166] setpgid(0, 0) = 0 [pid 4166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4166] write(3, "1000", 4) = 4 [pid 4166] close(3) = 0 [pid 4166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4166] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4166] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4166] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4167], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4167 [pid 4166] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4167 attached [pid 4167] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4167] memfd_create("syzkaller", 0) = 3 [pid 4167] ftruncate(3, 2097152) = 0 [pid 4167] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4167] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4167] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4167] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4167] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4167] mkdir("./file0", 0777) = 0 [pid 4167] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4167] ioctl(4, LOOP_CLR_FD) = 0 [pid 4167] close(4) = 0 [pid 4167] close(3) = 0 [pid 4167] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4166] <... futex resumed>) = 0 [pid 4166] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4167] <... futex resumed>) = 1 [pid 4167] chdir("./file0") = 0 [pid 4167] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4166] <... futex resumed>) = 0 [pid 4166] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4167] <... futex resumed>) = 1 [pid 4167] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4167] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4166] <... futex resumed>) = 0 [pid 4166] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4166] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4166] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4170], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4170 [pid 4166] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4166] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4167] <... futex resumed>) = 1 [pid 4167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4167] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4167] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4170 attached [pid 4170] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4170] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4170] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4166] <... futex resumed>) = 0 [pid 4166] exit_group(0 [pid 4167] <... futex resumed>) = ? [pid 4166] <... exit_group resumed>) = ? [pid 4167] +++ exited with 0 +++ [pid 4170] <... futex resumed>) = ? [pid 4170] +++ exited with 0 +++ [pid 4166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4166, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./767", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./767/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./767/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./767/binderfs") = 0 umount2("./767/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./767/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./767/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./767/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./767/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./767") = 0 mkdir("./768", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4171 ./strace-static-x86_64: Process 4171 attached [pid 4171] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4171] chdir("./768") = 0 [pid 4171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4171] setpgid(0, 0) = 0 [pid 4171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4171] write(3, "1000", 4) = 4 [pid 4171] close(3) = 0 [pid 4171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4171] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4171] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4171] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4172 attached , parent_tid=[4172], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4172 [pid 4171] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4171] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4172] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4172] memfd_create("syzkaller", 0) = 3 [pid 4172] ftruncate(3, 2097152) = 0 [pid 4172] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4172] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4172] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4172] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4172] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4172] mkdir("./file0", 0777) = 0 [pid 4172] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4172] ioctl(4, LOOP_CLR_FD) = 0 [pid 4172] close(4) = 0 [pid 4172] close(3) = 0 [pid 4172] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4171] <... futex resumed>) = 0 [pid 4171] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4171] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4172] chdir("./file0") = 0 [pid 4172] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4171] <... futex resumed>) = 0 [pid 4172] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4171] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4171] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4172] <... openat resumed>) = 3 [pid 4172] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4171] <... futex resumed>) = 0 [pid 4171] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4171] <... futex resumed>) = 0 [pid 4172] <... write resumed>) = 61 [pid 4171] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4172] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4171] <... futex resumed>) = 0 [pid 4172] <... futex resumed>) = 0 [pid 4171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4172] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4171] <... mmap resumed>) = 0x7f697cdae000 [pid 4171] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4171] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4175 attached , parent_tid=[4175], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4175 [pid 4175] set_robust_list(0x7f697cdce9e0, 24 [pid 4171] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4175] <... set_robust_list resumed>) = 0 [pid 4171] <... futex resumed>) = 0 [pid 4175] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4171] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4175] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4175] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4171] <... futex resumed>) = 0 [pid 4175] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4171] exit_group(0 [pid 4172] <... futex resumed>) = ? [pid 4171] <... exit_group resumed>) = ? [pid 4172] +++ exited with 0 +++ [pid 4175] <... futex resumed>) = ? [pid 4175] +++ exited with 0 +++ [pid 4171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4171, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./768", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./768/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./768/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./768/binderfs") = 0 umount2("./768/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./768/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./768/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./768/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./768/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./768") = 0 mkdir("./769", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4176 ./strace-static-x86_64: Process 4176 attached [pid 4176] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4176] chdir("./769") = 0 [pid 4176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4176] setpgid(0, 0) = 0 [pid 4176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4176] write(3, "1000", 4) = 4 [pid 4176] close(3) = 0 [pid 4176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4176] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4176] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4176] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4177], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4177 [pid 4176] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4177 attached [pid 4177] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4177] memfd_create("syzkaller", 0) = 3 [pid 4177] ftruncate(3, 2097152) = 0 [pid 4177] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4177] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4177] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4177] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4177] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4177] mkdir("./file0", 0777) = 0 [pid 4177] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4177] ioctl(4, LOOP_CLR_FD) = 0 [pid 4177] close(4) = 0 [pid 4177] close(3) = 0 [pid 4177] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4176] <... futex resumed>) = 0 [pid 4177] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4176] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4177] <... futex resumed>) = 0 [pid 4176] <... futex resumed>) = 1 [pid 4177] chdir("./file0") = 0 [pid 4177] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4176] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4177] <... futex resumed>) = 0 [pid 4177] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4176] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4177] <... futex resumed>) = 0 [pid 4176] <... futex resumed>) = 1 [pid 4177] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4176] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4177] <... openat resumed>) = 3 [pid 4177] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4176] <... futex resumed>) = 0 [pid 4177] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4176] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4177] <... futex resumed>) = 0 [pid 4176] <... futex resumed>) = 1 [pid 4177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4176] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4177] <... write resumed>) = 61 [pid 4176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4177] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] <... mmap resumed>) = 0x7f697cdae000 [pid 4177] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4176] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4176] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4180], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4180 [pid 4176] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4180 attached [pid 4180] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4180] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4180] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4176] <... futex resumed>) = 0 [pid 4176] exit_group(0 [pid 4177] <... futex resumed>) = ? [pid 4176] <... exit_group resumed>) = ? [pid 4177] +++ exited with 0 +++ [pid 4180] <... futex resumed>) = ? [pid 4180] +++ exited with 0 +++ [pid 4176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4176, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./769", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./769/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./769/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./769/binderfs") = 0 umount2("./769/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./769/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./769/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./769/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./769/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./769") = 0 mkdir("./770", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4181 ./strace-static-x86_64: Process 4181 attached [pid 4181] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4181] chdir("./770") = 0 [pid 4181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4181] setpgid(0, 0) = 0 [pid 4181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4181] write(3, "1000", 4) = 4 [pid 4181] close(3) = 0 [pid 4181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4181] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4181] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4181] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4182], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4182 [pid 4181] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4181] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4182 attached [pid 4182] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4182] memfd_create("syzkaller", 0) = 3 [pid 4182] ftruncate(3, 2097152) = 0 [pid 4182] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4182] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4182] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4182] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4182] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4182] mkdir("./file0", 0777) = 0 [pid 4182] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4182] ioctl(4, LOOP_CLR_FD) = 0 [pid 4182] close(4) = 0 [pid 4182] close(3) = 0 [pid 4182] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4181] <... futex resumed>) = 0 [pid 4181] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4181] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4182] chdir("./file0") = 0 [pid 4182] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4181] <... futex resumed>) = 0 [pid 4182] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4181] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4182] <... openat resumed>) = 3 [pid 4181] <... futex resumed>) = 0 [pid 4181] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4182] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4181] <... futex resumed>) = 0 [pid 4182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4181] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4182] <... write resumed>) = 61 [pid 4181] <... futex resumed>) = 0 [pid 4182] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4181] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4182] <... futex resumed>) = 0 [pid 4181] <... futex resumed>) = 0 [pid 4182] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4181] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4181] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4185], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4185 [pid 4181] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4181] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4185 attached [pid 4185] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4185] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4185] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4185] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4181] <... futex resumed>) = 0 [pid 4181] exit_group(0) = ? [pid 4185] <... futex resumed>) = ? [pid 4182] <... futex resumed>) = ? [pid 4185] +++ exited with 0 +++ [pid 4182] +++ exited with 0 +++ [pid 4181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4181, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./770", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./770/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./770/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./770/binderfs") = 0 umount2("./770/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./770/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./770/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./770/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./770/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./770") = 0 mkdir("./771", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4186 ./strace-static-x86_64: Process 4186 attached [pid 4186] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4186] chdir("./771") = 0 [pid 4186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4186] setpgid(0, 0) = 0 [pid 4186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4186] write(3, "1000", 4) = 4 [pid 4186] close(3) = 0 [pid 4186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4186] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4186] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4186] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4187], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4187 [pid 4186] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4186] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4187 attached [pid 4187] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4187] memfd_create("syzkaller", 0) = 3 [pid 4187] ftruncate(3, 2097152) = 0 [pid 4187] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4187] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4187] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4187] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4187] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4187] mkdir("./file0", 0777) = 0 [pid 4187] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4187] ioctl(4, LOOP_CLR_FD) = 0 [pid 4187] close(4) = 0 [pid 4187] close(3) = 0 [pid 4187] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4186] <... futex resumed>) = 0 [pid 4187] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4186] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4186] <... futex resumed>) = 0 [pid 4187] chdir("./file0" [pid 4186] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4187] <... chdir resumed>) = 0 [pid 4187] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4186] <... futex resumed>) = 0 [pid 4187] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4186] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4186] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4187] <... openat resumed>) = 3 [pid 4187] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4186] <... futex resumed>) = 0 [pid 4187] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4186] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4186] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4186] <... futex resumed>) = 0 [pid 4187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4187] <... write resumed>) = 61 [pid 4186] <... mmap resumed>) = 0x7f697cdae000 [pid 4186] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 4187] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4186] <... mprotect resumed>) = 0 [pid 4187] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4186] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4190], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4190 [pid 4186] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4190 attached [pid 4190] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4186] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4190] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4190] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4186] <... futex resumed>) = 0 [pid 4190] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4186] exit_group(0) = ? [pid 4187] <... futex resumed>) = ? [pid 4187] +++ exited with 0 +++ [pid 4190] <... futex resumed>) = ? [pid 4190] +++ exited with 0 +++ [pid 4186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4186, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./771", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./771/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./771/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./771/binderfs") = 0 umount2("./771/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./771/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./771/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./771/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./771/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./771") = 0 mkdir("./772", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4191 ./strace-static-x86_64: Process 4191 attached [pid 4191] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4191] chdir("./772") = 0 [pid 4191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4191] setpgid(0, 0) = 0 [pid 4191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4191] write(3, "1000", 4) = 4 [pid 4191] close(3) = 0 [pid 4191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4191] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4191] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4191] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4192], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4192 [pid 4191] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4192 attached [pid 4192] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4192] memfd_create("syzkaller", 0) = 3 [pid 4192] ftruncate(3, 2097152) = 0 [pid 4192] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4192] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4192] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4192] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4192] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4192] mkdir("./file0", 0777) = 0 [pid 4192] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4192] ioctl(4, LOOP_CLR_FD) = 0 [pid 4192] close(4) = 0 [pid 4192] close(3) = 0 [pid 4192] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4192] <... futex resumed>) = 1 [pid 4192] chdir("./file0") = 0 [pid 4192] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4192] <... futex resumed>) = 1 [pid 4192] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4192] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4191] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4191] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4195], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4195 [pid 4191] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4192] <... futex resumed>) = 1 [pid 4192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4192] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4192] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4195 attached [pid 4195] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4195] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4195] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] exit_group(0 [pid 4192] <... futex resumed>) = ? [pid 4191] <... exit_group resumed>) = ? [pid 4192] +++ exited with 0 +++ [pid 4195] <... futex resumed>) = ? [pid 4195] +++ exited with 0 +++ [pid 4191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4191, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./772", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./772/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./772/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./772/binderfs") = 0 umount2("./772/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./772/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./772/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./772/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./772/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./772") = 0 mkdir("./773", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4196 ./strace-static-x86_64: Process 4196 attached [pid 4196] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4196] chdir("./773") = 0 [pid 4196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4196] setpgid(0, 0) = 0 [pid 4196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4196] write(3, "1000", 4) = 4 [pid 4196] close(3) = 0 [pid 4196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4196] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4196] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4196] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4197], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4197 [pid 4196] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4196] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4197 attached [pid 4197] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4197] memfd_create("syzkaller", 0) = 3 [pid 4197] ftruncate(3, 2097152) = 0 [pid 4197] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4197] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4197] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4197] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4197] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4197] mkdir("./file0", 0777) = 0 [pid 4197] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4197] ioctl(4, LOOP_CLR_FD) = 0 [pid 4197] close(4) = 0 [pid 4197] close(3) = 0 [pid 4197] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4196] <... futex resumed>) = 0 [pid 4197] chdir("./file0" [pid 4196] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4197] <... chdir resumed>) = 0 [pid 4196] <... futex resumed>) = 0 [pid 4197] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4196] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4196] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4196] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4197] <... futex resumed>) = 1 [pid 4196] <... futex resumed>) = 0 [pid 4197] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4196] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4197] <... openat resumed>) = 3 [pid 4197] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4196] <... futex resumed>) = 0 [pid 4197] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4196] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4196] <... futex resumed>) = 0 [pid 4197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4196] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4197] <... write resumed>) = 61 [pid 4196] <... mmap resumed>) = 0x7f697cdae000 [pid 4197] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4196] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE [pid 4197] <... futex resumed>) = 0 [pid 4196] <... mprotect resumed>) = 0 [pid 4197] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4196] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4200 attached , parent_tid=[4200], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4200 [pid 4200] set_robust_list(0x7f697cdce9e0, 24 [pid 4196] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4200] <... set_robust_list resumed>) = 0 [pid 4196] <... futex resumed>) = 0 [pid 4200] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4196] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4200] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4200] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4196] <... futex resumed>) = 0 [pid 4200] futex(0x7f697cec84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4196] exit_group(0) = ? [pid 4197] <... futex resumed>) = ? [pid 4200] <... futex resumed>) = ? [pid 4197] +++ exited with 0 +++ [pid 4200] +++ exited with 0 +++ [pid 4196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4196, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./773", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./773/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./773/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./773/binderfs") = 0 umount2("./773/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./773/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./773/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./773/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./773/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./773") = 0 mkdir("./774", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4201 ./strace-static-x86_64: Process 4201 attached [pid 4201] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4201] chdir("./774") = 0 [pid 4201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4201] setpgid(0, 0) = 0 [pid 4201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4201] write(3, "1000", 4) = 4 [pid 4201] close(3) = 0 [pid 4201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4201] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4201] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4201] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4202], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4202 [pid 4201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4202 attached [pid 4202] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4202] memfd_create("syzkaller", 0) = 3 [pid 4202] ftruncate(3, 2097152) = 0 [pid 4202] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4202] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4202] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4202] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4202] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4202] mkdir("./file0", 0777) = 0 [pid 4202] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4202] ioctl(4, LOOP_CLR_FD) = 0 [pid 4202] close(4) = 0 [pid 4202] close(3) = 0 [pid 4202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4201] <... futex resumed>) = 0 [pid 4201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4202] <... futex resumed>) = 1 [pid 4202] chdir("./file0") = 0 [pid 4202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4201] <... futex resumed>) = 0 [pid 4201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4202] <... futex resumed>) = 1 [pid 4202] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4201] <... futex resumed>) = 0 [pid 4201] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4201] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4201] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4205], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4205 [pid 4201] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4202] <... futex resumed>) = 1 [pid 4202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4202] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4202] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4205 attached [pid 4205] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4205] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4205] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4201] <... futex resumed>) = 0 [pid 4201] exit_group(0 [pid 4202] <... futex resumed>) = ? [pid 4201] <... exit_group resumed>) = ? [pid 4202] +++ exited with 0 +++ [pid 4205] <... futex resumed>) = ? [pid 4205] +++ exited with 0 +++ [pid 4201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4201, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./774", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./774/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./774/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./774/binderfs") = 0 umount2("./774/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./774/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./774/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./774/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./774/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./774") = 0 mkdir("./775", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4206 ./strace-static-x86_64: Process 4206 attached [pid 4206] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4206] chdir("./775") = 0 [pid 4206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4206] setpgid(0, 0) = 0 [pid 4206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4206] write(3, "1000", 4) = 4 [pid 4206] close(3) = 0 [pid 4206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4206] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4206] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4206] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4207 attached [pid 4207] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4207] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4206] <... clone resumed>, parent_tid=[4207], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4207 [pid 4206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4207] <... futex resumed>) = 0 [pid 4206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4207] memfd_create("syzkaller", 0) = 3 [pid 4207] ftruncate(3, 2097152) = 0 [pid 4207] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4207] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4207] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4207] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4207] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4207] mkdir("./file0", 0777) = 0 [pid 4207] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4207] ioctl(4, LOOP_CLR_FD) = 0 [pid 4207] close(4) = 0 [pid 4207] close(3) = 0 [pid 4207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4207] <... futex resumed>) = 1 [pid 4207] chdir("./file0") = 0 [pid 4207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4207] <... futex resumed>) = 1 [pid 4207] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4206] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4206] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4206] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4210 attached , parent_tid=[4210], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4210 [pid 4206] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4207] <... futex resumed>) = 1 [pid 4207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4210] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4207] <... write resumed>) = 61 [pid 4210] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4207] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4207] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4210] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4210] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4206] <... futex resumed>) = 0 [pid 4206] exit_group(0) = ? [pid 4207] <... futex resumed>) = ? [pid 4207] +++ exited with 0 +++ [pid 4210] +++ exited with 0 +++ [pid 4206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4206, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./775", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./775/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./775/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./775/binderfs") = 0 umount2("./775/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./775/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./775/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./775/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./775/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./775") = 0 mkdir("./776", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4211 ./strace-static-x86_64: Process 4211 attached [pid 4211] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4211] chdir("./776") = 0 [pid 4211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4211] setpgid(0, 0) = 0 [pid 4211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4211] write(3, "1000", 4) = 4 [pid 4211] close(3) = 0 [pid 4211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4211] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4211] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4211] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4212], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4212 [pid 4211] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4211] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4212 attached [pid 4212] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4212] memfd_create("syzkaller", 0) = 3 [pid 4212] ftruncate(3, 2097152) = 0 [pid 4212] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4212] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4212] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4212] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4212] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4212] mkdir("./file0", 0777) = 0 [pid 4212] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4212] ioctl(4, LOOP_CLR_FD) = 0 [pid 4212] close(4) = 0 [pid 4212] close(3) = 0 [pid 4212] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4211] <... futex resumed>) = 0 [pid 4211] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4212] chdir("./file0" [pid 4211] <... futex resumed>) = 0 [pid 4212] <... chdir resumed>) = 0 [pid 4211] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4212] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4211] <... futex resumed>) = 0 [pid 4212] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4211] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4211] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4212] <... openat resumed>) = 3 [pid 4212] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4211] <... futex resumed>) = 0 [pid 4212] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4211] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4211] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4212] <... write resumed>) = 61 [pid 4211] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4212] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4211] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4212] <... futex resumed>) = 0 [pid 4212] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4215 attached [pid 4211] <... clone resumed>, parent_tid=[4215], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4215 [pid 4215] set_robust_list(0x7f697cdce9e0, 24 [pid 4211] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4215] <... set_robust_list resumed>) = 0 [pid 4211] <... futex resumed>) = 0 [pid 4215] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4211] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4215] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4215] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4211] <... futex resumed>) = 0 [pid 4211] exit_group(0) = ? [pid 4212] <... futex resumed>) = ? [pid 4212] +++ exited with 0 +++ [pid 4215] <... futex resumed>) = ? [pid 4215] +++ exited with 0 +++ [pid 4211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4211, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./776", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./776/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./776/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./776/binderfs") = 0 umount2("./776/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./776/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./776/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./776/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./776/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./776") = 0 mkdir("./777", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4216 ./strace-static-x86_64: Process 4216 attached [pid 4216] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4216] chdir("./777") = 0 [pid 4216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4216] setpgid(0, 0) = 0 [pid 4216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4216] write(3, "1000", 4) = 4 [pid 4216] close(3) = 0 [pid 4216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4216] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4216] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4216] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4217 attached , parent_tid=[4217], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4217 [pid 4216] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4217] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4217] memfd_create("syzkaller", 0) = 3 [pid 4217] ftruncate(3, 2097152) = 0 [pid 4217] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4217] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4217] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4217] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4217] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4217] mkdir("./file0", 0777) = 0 [pid 4217] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4217] ioctl(4, LOOP_CLR_FD) = 0 [pid 4217] close(4) = 0 [pid 4217] close(3) = 0 [pid 4217] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4217] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = 0 [pid 4216] <... futex resumed>) = 1 [pid 4217] chdir("./file0") = 0 [pid 4217] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4217] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = 0 [pid 4216] <... futex resumed>) = 1 [pid 4217] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4216] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... openat resumed>) = 3 [pid 4217] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4216] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4216] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4217] <... write resumed>) = 61 [pid 4217] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... clone resumed>, parent_tid=[4220], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4220 [pid 4217] <... futex resumed>) = 0 [pid 4216] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4220 attached [pid 4217] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4220] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4220] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4220] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4216] exit_group(0) = ? [pid 4217] <... futex resumed>) = ? [pid 4217] +++ exited with 0 +++ [pid 4220] <... futex resumed>) = ? [pid 4220] +++ exited with 0 +++ [pid 4216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4216, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./777", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./777/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./777/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./777/binderfs") = 0 umount2("./777/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./777/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./777/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./777/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./777/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./777") = 0 mkdir("./778", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4221 ./strace-static-x86_64: Process 4221 attached [pid 4221] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4221] chdir("./778") = 0 [pid 4221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4221] setpgid(0, 0) = 0 [pid 4221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4221] write(3, "1000", 4) = 4 [pid 4221] close(3) = 0 [pid 4221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4221] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4221] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4221] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4222 attached [pid 4222] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4222] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4221] <... clone resumed>, parent_tid=[4222], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4222 [pid 4221] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4222] <... futex resumed>) = 0 [pid 4221] <... futex resumed>) = 1 [pid 4221] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4222] memfd_create("syzkaller", 0) = 3 [pid 4222] ftruncate(3, 2097152) = 0 [pid 4222] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4222] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4222] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4222] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4222] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4222] mkdir("./file0", 0777) = 0 [pid 4222] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4222] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4222] ioctl(4, LOOP_CLR_FD) = 0 [pid 4222] close(4) = 0 [pid 4222] close(3) = 0 [pid 4222] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4221] <... futex resumed>) = 0 [pid 4221] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4222] <... futex resumed>) = 1 [pid 4222] chdir("./file0") = 0 [pid 4222] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4221] <... futex resumed>) = 0 [pid 4221] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4222] <... futex resumed>) = 1 [pid 4222] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4222] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4221] <... futex resumed>) = 0 [pid 4221] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4221] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4221] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4222] <... futex resumed>) = 1 [pid 4222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4221] <... clone resumed>, parent_tid=[4225], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4225 [pid 4222] <... write resumed>) = 61 [pid 4221] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4225 attached ) = 0 [pid 4225] set_robust_list(0x7f697cdce9e0, 24 [pid 4221] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4222] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4225] <... set_robust_list resumed>) = 0 [pid 4225] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4222] <... futex resumed>) = 0 [pid 4222] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4225] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 4225] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4221] <... futex resumed>) = 0 [pid 4221] exit_group(0) = ? [pid 4222] <... futex resumed>) = ? [pid 4225] <... futex resumed>) = ? [pid 4222] +++ exited with 0 +++ [pid 4225] +++ exited with 0 +++ [pid 4221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4221, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./778", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./778/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./778/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./778/binderfs") = 0 umount2("./778/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./778/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./778/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./778/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./778/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./778") = 0 mkdir("./779", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4226 ./strace-static-x86_64: Process 4226 attached [pid 4226] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4226] chdir("./779") = 0 [pid 4226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4226] setpgid(0, 0) = 0 [pid 4226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4226] write(3, "1000", 4) = 4 [pid 4226] close(3) = 0 [pid 4226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4226] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4226] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4226] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4227], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4227 [pid 4226] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4227 attached [pid 4227] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4227] memfd_create("syzkaller", 0) = 3 [pid 4227] ftruncate(3, 2097152) = 0 [pid 4227] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4227] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4227] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4227] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4227] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4227] mkdir("./file0", 0777) = 0 [pid 4227] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4227] ioctl(4, LOOP_CLR_FD) = 0 [pid 4227] close(4) = 0 [pid 4227] close(3) = 0 [pid 4227] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4226] <... futex resumed>) = 0 [pid 4226] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4227] <... futex resumed>) = 1 [pid 4227] chdir("./file0") = 0 [pid 4227] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4226] <... futex resumed>) = 0 [pid 4226] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4227] <... futex resumed>) = 1 [pid 4227] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4227] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4226] <... futex resumed>) = 0 [pid 4226] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4226] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4226] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4230 attached , parent_tid=[4230], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4230 [pid 4226] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4226] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4227] <... futex resumed>) = 1 [pid 4227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4230] set_robust_list(0x7f697cdce9e0, 24 [pid 4227] <... write resumed>) = 61 [pid 4227] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4230] <... set_robust_list resumed>) = 0 [pid 4227] <... futex resumed>) = 0 [pid 4227] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4230] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4230] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4226] <... futex resumed>) = 0 [pid 4226] exit_group(0) = ? [pid 4227] <... futex resumed>) = ? [pid 4227] +++ exited with 0 +++ [pid 4230] <... futex resumed>) = ? [pid 4230] +++ exited with 0 +++ [pid 4226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4226, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./779", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./779/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./779/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./779/binderfs") = 0 umount2("./779/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./779/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./779/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./779/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./779/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./779") = 0 mkdir("./780", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4231 ./strace-static-x86_64: Process 4231 attached [pid 4231] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4231] chdir("./780") = 0 [pid 4231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4231] setpgid(0, 0) = 0 [pid 4231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4231] write(3, "1000", 4) = 4 [pid 4231] close(3) = 0 [pid 4231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4231] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4231] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4231] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4232 attached , parent_tid=[4232], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4232 [pid 4231] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 4232] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4232] memfd_create("syzkaller", 0) = 3 [pid 4232] ftruncate(3, 2097152) = 0 [pid 4232] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4232] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4232] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4232] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4232] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4232] mkdir("./file0", 0777) = 0 [pid 4232] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4232] ioctl(4, LOOP_CLR_FD) = 0 [pid 4232] close(4) = 0 [pid 4232] close(3) = 0 [pid 4232] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4231] <... futex resumed>) = 0 [pid 4231] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4232] <... futex resumed>) = 1 [pid 4232] chdir("./file0") = 0 [pid 4232] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4231] <... futex resumed>) = 0 [pid 4231] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4232] <... futex resumed>) = 1 [pid 4232] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4232] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4231] <... futex resumed>) = 0 [pid 4231] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4231] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4231] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4235], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4235 [pid 4231] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4232] <... futex resumed>) = 1 [pid 4232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4232] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4232] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4235 attached [pid 4235] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4235] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4235] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4231] <... futex resumed>) = 0 [pid 4231] exit_group(0 [pid 4232] <... futex resumed>) = ? [pid 4231] <... exit_group resumed>) = ? [pid 4232] +++ exited with 0 +++ [pid 4235] <... futex resumed>) = ? [pid 4235] +++ exited with 0 +++ [pid 4231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4231, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./780", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./780/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./780/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./780/binderfs") = 0 umount2("./780/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./780/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./780/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./780/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./780/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./780") = 0 mkdir("./781", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4236 ./strace-static-x86_64: Process 4236 attached [pid 4236] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4236] chdir("./781") = 0 [pid 4236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4236] setpgid(0, 0) = 0 [pid 4236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4236] write(3, "1000", 4) = 4 [pid 4236] close(3) = 0 [pid 4236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4236] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4236] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4236] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4237], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4237 [pid 4236] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4237 attached [pid 4237] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4237] memfd_create("syzkaller", 0) = 3 [pid 4237] ftruncate(3, 2097152) = 0 [pid 4237] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4237] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4237] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4237] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4237] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4237] mkdir("./file0", 0777) = 0 [pid 4237] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4237] ioctl(4, LOOP_CLR_FD) = 0 [pid 4237] close(4) = 0 [pid 4237] close(3) = 0 [pid 4237] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4237] <... futex resumed>) = 1 [pid 4237] chdir("./file0") = 0 [pid 4237] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4237] <... futex resumed>) = 1 [pid 4237] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 4237] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4236] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4236] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4240], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4240 [pid 4236] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4237] <... futex resumed>) = 1 [pid 4237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61) = 61 [pid 4237] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7f697cec84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4240 attached [pid 4240] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4240] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOSPC (No space left on device) [pid 4240] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] exit_group(0 [pid 4237] <... futex resumed>) = ? [pid 4236] <... exit_group resumed>) = ? [pid 4237] +++ exited with 0 +++ [pid 4240] <... futex resumed>) = ? [pid 4240] +++ exited with 0 +++ [pid 4236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4236, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./781", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555cf3620 /* 4 entries */, 32768) = 112 umount2("./781/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./781/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./781/binderfs") = 0 umount2("./781/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./781/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./781/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./781/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555cfb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555cfb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./781/file0") = 0 getdents64(3, 0x555555cf3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./781") = 0 mkdir("./782", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cf25d0) = 4241 ./strace-static-x86_64: Process 4241 attached [pid 4241] set_robust_list(0x555555cf25e0, 24) = 0 [pid 4241] chdir("./782") = 0 [pid 4241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4241] setpgid(0, 0) = 0 [pid 4241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4241] write(3, "1000", 4) = 4 [pid 4241] close(3) = 0 [pid 4241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4241] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdcf000 [pid 4241] mprotect(0x7f697cdd0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4241] clone(child_stack=0x7f697cdef3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4242], tls=0x7f697cdef700, child_tidptr=0x7f697cdef9d0) = 4242 [pid 4241] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4241] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 4242 attached [pid 4242] set_robust_list(0x7f697cdef9e0, 24) = 0 [pid 4242] memfd_create("syzkaller", 0) = 3 [pid 4242] ftruncate(3, 2097152) = 0 [pid 4242] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 4242] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 4242] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 4242] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 4242] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 4242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4242] mkdir("./file0", 0777) = 0 [pid 4242] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 4242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 4242] ioctl(4, LOOP_CLR_FD) = 0 [pid 4242] close(4) = 0 [pid 4242] close(3) = 0 [pid 4242] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4241] <... futex resumed>) = 0 [pid 4241] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4242] chdir("./file0" [pid 4241] <... futex resumed>) = 0 [pid 4241] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4242] <... chdir resumed>) = 0 [pid 4242] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4241] <... futex resumed>) = 0 [pid 4241] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4242] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4241] <... futex resumed>) = 0 [pid 4241] futex(0x7f697cec84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4242] <... openat resumed>) = 3 [pid 4242] futex(0x7f697cec84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4241] <... futex resumed>) = 0 [pid 4241] futex(0x7f697cec84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4241] futex(0x7f697cec84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f697cdae000 [pid 4241] mprotect(0x7f697cdaf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4241] clone(child_stack=0x7f697cdce3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4245], tls=0x7f697cdce700, child_tidptr=0x7f697cdce9d0) = 4245 [pid 4242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 61 [pid 4241] futex(0x7f697cec84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4241] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4245 attached [pid 4245] set_robust_list(0x7f697cdce9e0, 24) = 0 [pid 4245] ioctl(3, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000 [pid 4241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4241] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4241] futex(0x7f697cec84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 75.039789][ T4242] ------------[ cut here ]------------ [ 75.045277][ T4242] kernel BUG at fs/ext4/inline.c:760! [ 75.050629][ T4242] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 75.056681][ T4242] CPU: 0 PID: 4242 Comm: syz-executor409 Not tainted 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 75.066976][ T4242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.077013][ T4242] RIP: 0010:ext4_write_inline_data_end+0x4a4/0x4b0 [ 75.083483][ T4242] Code: ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c e0 fd ff ff 4c 89 e7 e8 cb d9 cc ff e9 d3 fd ff ff e8 61 e8 b6 02 e8 ac 0f 93 ff <0f> 0b e8 a5 0f 93 ff 0f 0b 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 [ 75.103068][ T4242] RSP: 0018:ffffc900071e76a0 EFLAGS: 00010293 [ 75.109114][ T4242] RAX: ffffffff81d9a114 RBX: 0000000000000000 RCX: ffff88811b520000 [ 75.117071][ T4242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.125127][ T4242] RBP: ffffc900071e7788 R08: ffffffff81d99e14 R09: ffffed1023c503bc [ 75.133089][ T4242] R10: ffffed1023c503bc R11: 1ffff11023c503bb R12: 0000004c00080000 [ 75.141042][ T4242] R13: ffff88811e281dd8 R14: ffffea00046cf840 R15: ffff88811e281f20 [ 75.148990][ T4242] FS: 00007f697cdef700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 75.157887][ T4242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.164441][ T4242] CR2: 0000000020012600 CR3: 000000010a11f000 CR4: 00000000003506b0 [ 75.172395][ T4242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.180351][ T4242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 4241] exit_group(0) = ? [ 75.188320][ T4242] Call Trace: [ 75.191601][ T4242] ? ext4_convert_inline_data_to_extent+0xdc0/0xdc0 [ 75.198161][ T4242] ? ext4_initxattrs+0x120/0x120 [ 75.203071][ T4242] ? __vfs_getxattr+0x62f/0x700 [ 75.207894][ T4242] ext4_write_end+0x1e5/0xde0 [ 75.212545][ T4242] ext4_da_write_end+0xb7/0xb40 [ 75.217366][ T4242] ? asan.module_dtor+0x20/0x20 [ 75.222189][ T4242] ? ext4_da_write_begin+0xf10/0xf10 [ 75.227445][ T4242] generic_perform_write+0x410/0x5b0 [ 75.232701][ T4242] ? grab_cache_page_write_begin+0xa0/0xa0 [ 75.238476][ T4242] ? down_write+0xd8/0x150 [ 75.242864][ T4242] ? down_read_killable+0x240/0x240 [ 75.248031][ T4242] ? newidle_balance+0x688/0xbe0 [ 75.252938][ T4242] ? generic_write_checks+0x3d8/0x490 [ 75.258279][ T4242] ext4_buffered_write_iter+0x47c/0x610 [ 75.263800][ T4242] ext4_file_write_iter+0x192/0x1cd0 [ 75.269055][ T4242] ? __kasan_check_read+0x11/0x20 [ 75.274486][ T4242] ? compat_start_thread+0x80/0x80 [ 75.279575][ T4242] ? pick_next_task_fair+0x160/0xcb0 [ 75.284833][ T4242] ? avc_policy_seqno+0x1b/0x70 [ 75.289742][ T4242] ? selinux_file_permission+0x2a9/0x520 [ 75.295345][ T4242] ? fsnotify_perm+0x67/0x4e0 [ 75.299994][ T4242] ? ext4_file_read_iter+0x4d0/0x4d0 [ 75.305247][ T4242] ? security_file_permission+0xa8/0xc0 [ 75.310763][ T4242] ? iov_iter_init+0x3f/0x120 [ 75.315409][ T4242] vfs_write+0xc1c/0xf40 [ 75.319632][ T4242] ? __kasan_check_write+0x14/0x20 [ 75.324729][ T4242] ? kernel_write+0x3c0/0x3c0 [ 75.329377][ T4242] ? mutex_trylock+0xb0/0xb0 [ 75.333937][ T4242] ? __fdget_pos+0x26d/0x310 [ 75.338497][ T4242] ? ksys_write+0x77/0x2c0 [ 75.342887][ T4242] ksys_write+0x198/0x2c0 [ 75.347198][ T4242] ? do_notify_parent+0xa60/0xa60 [ 75.352200][ T4242] ? __ia32_sys_read+0x90/0x90 [ 75.356933][ T4242] ? __ia32_sys_open+0x270/0x270 [ 75.361838][ T4242] __x64_sys_write+0x7b/0x90 [ 75.366399][ T4242] do_syscall_64+0x34/0x70 [ 75.370786][ T4242] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 75.376647][ T4242] RIP: 0033:0x7f697ce42cf9 [ 75.381030][ T4242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.400605][ T4242] RSP: 002b:00007f697cdef2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.408992][ T4242] RAX: ffffffffffffffda RBX: 00007f697cec84a0 RCX: 00007f697ce42cf9 [ 75.416932][ T4242] RDX: 000000000000003d RSI: 0000000020000040 RDI: 0000000000000003 [ 75.424875][ T4242] RBP: 00007f697ce950ac R08: 0000000000000000 R09: 0000000000000000 [ 75.432817][ T4242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f697ce940a8 [ 75.440765][ T4242] R13: 0030656c69662f2e R14: e5d26e84aa4cf3c6 R15: 00007f697cec84a8 [ 75.448707][ T4242] Modules linked in: [ 75.452763][ T4242] ---[ end trace ab959557f95f62e5 ]--- [ 75.458209][ T4242] RIP: 0010:ext4_write_inline_data_end+0x4a4/0x4b0 [ 75.465360][ T4242] Code: ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c e0 fd ff ff 4c 89 e7 e8 cb d9 cc ff e9 d3 fd ff ff e8 61 e8 b6 02 e8 ac 0f 93 ff <0f> 0b e8 a5 0f 93 ff 0f 0b 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 [ 75.484973][ T4242] RSP: 0018:ffffc900071e76a0 EFLAGS: 00010293 [ 75.491036][ T4242] RAX: ffffffff81d9a114 RBX: 0000000000000000 RCX: ffff88811b520000 [ 75.499014][ T4242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.506979][ T4242] RBP: ffffc900071e7788 R08: ffffffff81d99e14 R09: ffffed1023c503bc [ 75.515046][ T4242] R10: ffffed1023c503bc R11: 1ffff11023c503bb R12: 0000004c00080000 [ 75.523035][ T4242] R13: ffff88811e281dd8 R14: ffffea00046cf840 R15: ffff88811e281f20 [ 75.530986][ T4242] FS: 00007f697cdef700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 75.539909][ T4242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.546482][ T4242] CR2: 0000000020012600 CR3: 000000010a11f000 CR4: 00000000003506b0 [ 75.554459][ T4242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.562428][ T4242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.570455][ T4242] Kernel panic - not syncing: Fatal exception [ 75.576719][ T4242] Kernel Offset: disabled [ 75.581029][ T4242] Rebooting in 86400 seconds..