./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2017740430 <...> DUID 00:04:23:68:77:f1:65:66:05:56:fc:6e:24:65:03:30:d5:25 forked to background, child pid 4667 [ 21.047453][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.057011][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.107' (ECDSA) to the list of known hosts. execve("./syz-executor2017740430", ["./syz-executor2017740430"], 0x7ffe96fd4a20 /* 10 vars */) = 0 brk(NULL) = 0x555555834000 brk(0x555555834c40) = 0x555555834c40 arch_prctl(ARCH_SET_FS, 0x555555834300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2017740430", 4096) = 28 brk(0x555555855c40) = 0x555555855c40 brk(0x555555856000) = 0x555555856000 mprotect(0x7fd4e24be000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5000 attached , child_tidptr=0x5555558345d0) = 5000 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] getpid(./strace-static-x86_64: Process 5001 attached [pid 4999] <... clone resumed>, child_tidptr=0x5555558345d0) = 5001 [pid 5000] <... getpid resumed>) = 5000 [pid 5000] mkdir("./syzkaller.302Ygi", 0700 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5001] getpid( [pid 5000] <... mkdir resumed>) = 0 [pid 5000] chmod("./syzkaller.302Ygi", 0777 [pid 5001] <... getpid resumed>) = 5001 [pid 5000] <... chmod resumed>) = 0 [pid 5000] chdir("./syzkaller.302Ygi" [pid 5001] mkdir("./syzkaller.aZb2gk", 0700 [pid 5000] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5002 attached [pid 4999] <... clone resumed>, child_tidptr=0x5555558345d0) = 5002 [pid 5000] mkdir("./0", 0777 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] getpid( [pid 5001] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5003 attached [pid 5002] <... getpid resumed>) = 5002 [pid 5001] chmod("./syzkaller.aZb2gk", 0777 [pid 5000] <... mkdir resumed>) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555558345d0) = 5003 [pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] mkdir("./syzkaller.JvFIjs", 0700 [pid 5001] <... chmod resumed>) = 0 [pid 5000] <... openat resumed>) = 3 [pid 5003] getpid( [pid 5001] chdir("./syzkaller.aZb2gk" [pid 5000] ioctl(3, LOOP_CLR_FD [pid 4999] <... clone resumed>, child_tidptr=0x5555558345d0) = 5004 [pid 5002] <... mkdir resumed>) = 0 [pid 5001] <... chdir resumed>) = 0 [pid 5000] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] chmod("./syzkaller.JvFIjs", 0777 [pid 5000] close(3./strace-static-x86_64: Process 5005 attached ./strace-static-x86_64: Process 5004 attached [pid 5003] <... getpid resumed>) = 5003 [pid 5002] <... chmod resumed>) = 0 [pid 5001] mkdir("./0", 0777 [pid 5005] getpid( [pid 5004] getpid( [pid 5003] mkdir("./syzkaller.enGrRw", 0700 [pid 5002] chdir("./syzkaller.JvFIjs" [pid 5001] <... mkdir resumed>) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555558345d0) = 5005 [pid 5005] <... getpid resumed>) = 5005 [pid 5004] <... getpid resumed>) = 5004 [pid 5003] <... mkdir resumed>) = 0 [pid 5002] <... chdir resumed>) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5000] <... close resumed>) = 0 [pid 5005] mkdir("./syzkaller.eu3vmE", 0700 [pid 5004] mkdir("./syzkaller.g6zeOA", 0700 [pid 5003] chmod("./syzkaller.enGrRw", 0777 [pid 5002] mkdir("./0", 0777 [pid 5001] <... openat resumed>) = 3 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5005] <... mkdir resumed>) = 0 [pid 5004] <... mkdir resumed>) = 0 [pid 5003] <... chmod resumed>) = 0 [pid 5002] <... mkdir resumed>) = 0 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5005] chmod("./syzkaller.eu3vmE", 0777 [pid 5004] chmod("./syzkaller.g6zeOA", 0777 [pid 5003] chdir("./syzkaller.enGrRw" [pid 5002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5005] <... chmod resumed>) = 0 [pid 5004] <... chmod resumed>) = 0 [pid 5003] <... chdir resumed>) = 0 [pid 5002] <... openat resumed>) = 3 [pid 5001] close(3./strace-static-x86_64: Process 5007 attached [pid 5004] chdir("./syzkaller.g6zeOA" [pid 5003] mkdir("./0", 0777 [pid 5000] <... clone resumed>, child_tidptr=0x5555558345d0) = 5007 [pid 5005] chdir("./syzkaller.eu3vmE" [pid 5004] <... chdir resumed>) = 0 [pid 5003] <... mkdir resumed>) = 0 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5001] <... close resumed>) = 0 [pid 5005] <... chdir resumed>) = 0 [pid 5004] mkdir("./0", 0777 [pid 5003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5005] mkdir("./0", 0777 [pid 5004] <... mkdir resumed>) = 0 [pid 5003] <... openat resumed>) = 3 [pid 5002] close(3 [pid 5005] <... mkdir resumed>) = 0 [pid 5004] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5003] ioctl(3, LOOP_CLR_FD [pid 5002] <... close resumed>) = 0 [pid 5001] <... clone resumed>, child_tidptr=0x5555558345d0) = 5008 [pid 5007] chdir("./0" [pid 5005] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5004] <... openat resumed>) = 3 [pid 5003] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... chdir resumed>) = 0 [pid 5005] <... openat resumed>) = 3 [pid 5004] ioctl(3, LOOP_CLR_FD [pid 5003] close(3 [pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5005] ioctl(3, LOOP_CLR_FD [pid 5004] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5003] <... close resumed>) = 0 [pid 5002] <... clone resumed>, child_tidptr=0x5555558345d0) = 5009 ./strace-static-x86_64: Process 5008 attached [pid 5007] <... prctl resumed>) = 0 [pid 5005] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5004] close(3 [pid 5003] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5009 attached [pid 5008] chdir("./0" [pid 5007] setpgid(0, 0 [pid 5005] close(3 [pid 5004] <... close resumed>) = 0 [pid 5008] <... chdir resumed>) = 0 [pid 5007] <... setpgid resumed>) = 0 [pid 5005] <... close resumed>) = 0 [pid 5004] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5003] <... clone resumed>, child_tidptr=0x5555558345d0) = 5010 [pid 5009] chdir("./0" [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5004] <... clone resumed>, child_tidptr=0x5555558345d0) = 5011 [pid 5007] <... openat resumed>) = 3 [pid 5005] <... clone resumed>, child_tidptr=0x5555558345d0) = 5012 [pid 5008] <... prctl resumed>) = 0 [pid 5007] write(3, "1000", 4 [pid 5008] setpgid(0, 0 [pid 5007] <... write resumed>) = 4 [pid 5008] <... setpgid resumed>) = 0 [pid 5007] close(3 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5007] <... close resumed>) = 0 [pid 5009] <... chdir resumed>) = 0 [pid 5008] <... openat resumed>) = 3 [pid 5007] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5010 attached [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5008] write(3, "1000", 4 [pid 5007] <... symlink resumed>) = 0 [pid 5010] chdir("./0" [pid 5009] <... prctl resumed>) = 0 [pid 5008] <... write resumed>) = 4 [pid 5007] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5012 attached [pid 5010] <... chdir resumed>) = 0 [pid 5009] setpgid(0, 0 [pid 5008] close(3 [pid 5012] chdir("./0" [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5012] <... chdir resumed>) = 0 [pid 5010] <... prctl resumed>) = 0 [pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5010] setpgid(0, 0 [pid 5012] <... prctl resumed>) = 0 [pid 5010] <... setpgid resumed>) = 0 [pid 5012] setpgid(0, 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5012] <... setpgid resumed>) = 0 [pid 5010] <... openat resumed>) = 3 [pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5010] write(3, "1000", 4 [pid 5012] <... openat resumed>) = 3 [pid 5010] <... write resumed>) = 4 [pid 5012] write(3, "1000", 4 [pid 5010] close(3 [pid 5012] <... write resumed>) = 4 [pid 5010] <... close resumed>) = 0 [pid 5012] close(3 [pid 5010] symlink("/dev/binderfs", "./binderfs" [pid 5012] <... close resumed>) = 0 [pid 5010] <... symlink resumed>) = 0 [pid 5012] symlink("/dev/binderfs", "./binderfs" [pid 5010] memfd_create("syzkaller", 0 [pid 5012] <... symlink resumed>) = 0 [pid 5010] <... memfd_create resumed>) = 3 [pid 5009] <... setpgid resumed>) = 0 [pid 5008] <... close resumed>) = 0 ./strace-static-x86_64: Process 5011 attached [pid 5012] memfd_create("syzkaller", 0 [pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5008] symlink("/dev/binderfs", "./binderfs" [pid 5012] <... memfd_create resumed>) = 3 [pid 5010] <... mmap resumed>) = 0x7fd4da002000 [pid 5009] <... openat resumed>) = 3 [pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5011] chdir("./0" [pid 5010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5009] write(3, "1000", 4 [pid 5008] <... symlink resumed>) = 0 [pid 5007] <... memfd_create resumed>) = 3 [pid 5012] <... mmap resumed>) = 0x7fd4da002000 [pid 5011] <... chdir resumed>) = 0 [pid 5010] <... write resumed>) = 524288 [pid 5009] <... write resumed>) = 4 [pid 5008] memfd_create("syzkaller", 0 [pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5009] close(3 [pid 5008] <... memfd_create resumed>) = 3 [pid 5007] <... mmap resumed>) = 0x7fd4da002000 [pid 5012] <... write resumed>) = 524288 [pid 5011] <... prctl resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5011] setpgid(0, 0 [pid 5009] symlink("/dev/binderfs", "./binderfs" [pid 5008] <... mmap resumed>) = 0x7fd4da002000 [pid 5011] <... setpgid resumed>) = 0 [pid 5010] munmap(0x7fd4da002000, 524288 [pid 5009] <... symlink resumed>) = 0 [pid 5010] <... munmap resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5012] munmap(0x7fd4da002000, 524288 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5010] <... openat resumed>) = 4 [pid 5009] memfd_create("syzkaller", 0 [pid 5008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5012] <... munmap resumed>) = 0 [pid 5011] <... openat resumed>) = 3 [pid 5010] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... memfd_create resumed>) = 3 [pid 5012] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5011] write(3, "1000", 4 [pid 5010] <... ioctl resumed>) = 0 [pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] <... write resumed>) = 524288 [pid 5007] <... write resumed>) = 524288 [pid 5012] <... openat resumed>) = 4 [pid 5012] ioctl(4, LOOP_SET_FD, 3 [pid 5011] <... write resumed>) = 4 syzkaller login: [ 41.723491][ T5007] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5007 'syz-executor201' [ 41.758357][ T5010] loop3: detected capacity change from 0 to 1024 [pid 5012] <... ioctl resumed>) = 0 [pid 5011] close(3 [pid 5009] <... mmap resumed>) = 0x7fd4da002000 [pid 5008] munmap(0x7fd4da002000, 524288 [pid 5007] munmap(0x7fd4da002000, 524288 [pid 5011] <... close resumed>) = 0 [pid 5010] close(3) = 0 [pid 5007] <... munmap resumed>) = 0 [pid 5011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5008] <... munmap resumed>) = 0 [pid 5011] memfd_create("syzkaller", 0 [pid 5008] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5011] <... memfd_create resumed>) = 3 [pid 5009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5008] <... openat resumed>) = 4 [pid 5007] <... openat resumed>) = 4 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] ioctl(4, LOOP_SET_FD, 3 [pid 5007] ioctl(4, LOOP_SET_FD, 3 [pid 5011] <... mmap resumed>) = 0x7fd4da002000 [pid 5010] mkdir("./file0", 0777 [pid 5012] close(3) = 0 [pid 5012] mkdir("./file0", 0777) = 0 [pid 5012] mount("/dev/loop5", "./file0", "hfsplus", 0, "" [pid 5010] <... mkdir resumed>) = 0 [pid 5010] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 5007] <... ioctl resumed>) = 0 [pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5009] <... write resumed>) = 524288 [pid 5011] <... write resumed>) = 524288 [pid 5009] munmap(0x7fd4da002000, 524288 [pid 5011] munmap(0x7fd4da002000, 524288 [pid 5009] <... munmap resumed>) = 0 [pid 5008] <... ioctl resumed>) = 0 [pid 5007] close(3 [pid 5011] <... munmap resumed>) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5011] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5008] close(3 [pid 5007] <... close resumed>) = 0 [pid 5009] <... openat resumed>) = 4 [pid 5012] <... mount resumed>) = 0 [pid 5011] <... openat resumed>) = 4 [pid 5009] ioctl(4, LOOP_SET_FD, 3 [pid 5008] <... close resumed>) = 0 [ 41.768093][ T5012] loop5: detected capacity change from 0 to 1024 [ 41.782338][ T5008] loop1: detected capacity change from 0 to 1024 [ 41.789275][ T5007] loop0: detected capacity change from 0 to 1024 [pid 5007] mkdir("./file0", 0777 [pid 5012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5011] ioctl(4, LOOP_SET_FD, 3 [pid 5012] <... openat resumed>) = 3 [pid 5012] chdir("./file0") = 0 [pid 5012] ioctl(4, LOOP_CLR_FD) = 0 [pid 5012] close(4) = 0 [pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5012] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5009] <... ioctl resumed>) = 0 [pid 5009] close(3) = 0 [pid 5009] mkdir("./file0", 0777) = 0 [pid 5009] mount("/dev/loop2", "./file0", "hfsplus", 0, "" [pid 5008] mkdir("./file0", 0777 [pid 5011] <... ioctl resumed>) = 0 [pid 5008] <... mkdir resumed>) = 0 [pid 5007] <... mkdir resumed>) = 0 [pid 5011] close(3 [pid 5008] mount("/dev/loop1", "./file0", "hfsplus", 0, "" [pid 5007] mount("/dev/loop0", "./file0", "hfsplus", 0, "" [pid 5011] <... close resumed>) = 0 [pid 5010] <... mount resumed>) = 0 [pid 5008] <... mount resumed>) = 0 [pid 5011] mkdir("./file0", 0777 [pid 5008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5011] <... mkdir resumed>) = 0 [pid 5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5008] <... openat resumed>) = 3 [pid 5011] mount("/dev/loop4", "./file0", "hfsplus", 0, "" [pid 5010] <... openat resumed>) = 3 [pid 5008] chdir("./file0" [pid 5010] chdir("./file0" [pid 5008] <... chdir resumed>) = 0 [pid 5010] <... chdir resumed>) = 0 [pid 5008] ioctl(4, LOOP_CLR_FD [pid 5011] <... mount resumed>) = 0 [pid 5010] ioctl(4, LOOP_CLR_FD [pid 5008] <... ioctl resumed>) = 0 [pid 5011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5010] <... ioctl resumed>) = 0 [pid 5008] close(4 [pid 5011] <... openat resumed>) = 3 [pid 5010] close(4 [pid 5008] <... close resumed>) = 0 [pid 5011] chdir("./file0" [pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5011] <... chdir resumed>) = 0 [pid 5008] <... openat resumed>) = 4 [pid 5011] ioctl(4, LOOP_CLR_FD [pid 5008] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5011] <... ioctl resumed>) = 0 [pid 5011] close(4) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5011] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5010] <... close resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5010] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5009] <... mount resumed>) = 0 [pid 5009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5009] chdir("./file0") = 0 [pid 5009] ioctl(4, LOOP_CLR_FD) = 0 [pid 5009] close(4) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5009] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5012] <... ioctl resumed>) = 0 [pid 5011] <... ioctl resumed>) = 0 [ 41.816426][ T5009] loop2: detected capacity change from 0 to 1024 [ 41.823149][ T5011] loop4: detected capacity change from 0 to 1024 [pid 5008] <... ioctl resumed>) = 0 [pid 5010] <... ioctl resumed>) = 0 [pid 5009] <... ioctl resumed>) = 0 [pid 5011] exit_group(0) = ? [pid 5009] exit_group(0 [pid 5011] +++ exited with 0 +++ [pid 5009] <... exit_group resumed>) = ? [pid 5009] +++ exited with 0 +++ [pid 5012] exit_group(0) = ? [pid 5008] exit_group(0 [pid 5010] exit_group(0 [pid 5012] +++ exited with 0 +++ [pid 5008] <... exit_group resumed>) = ? [pid 5004] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5010] <... exit_group resumed>) = ? [pid 5008] +++ exited with 0 +++ [pid 5005] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5012, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5004] restart_syscall(<... resuming interrupted clone ...> [pid 5002] restart_syscall(<... resuming interrupted clone ...> [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5010] +++ exited with 0 +++ [pid 5002] <... restart_syscall resumed>) = 0 [pid 5004] <... restart_syscall resumed>) = 0 [pid 5003] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5005] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5005] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5005] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5004] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5003] <... openat resumed>) = 3 [pid 5002] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... openat resumed>) = 3 [pid 5005] <... openat resumed>) = 3 [pid 5005] fstat(3, [pid 5004] <... openat resumed>) = 3 [pid 5003] fstat(3, [pid 5002] <... openat resumed>) = 3 [pid 5001] fstat(3, [pid 5005] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] fstat(3, [pid 5003] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] fstat(3, [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5005] getdents64(3, [pid 5004] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, [pid 5003] getdents64(3, [pid 5005] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5002] getdents64(3, [pid 5004] getdents64(3, [pid 5003] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5005] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5001] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5005] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5005] lstat("./0/binderfs", [pid 5003] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5005] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./0/binderfs", [pid 5005] unlink("./0/binderfs" [pid 5004] lstat("./0/binderfs", [pid 5003] lstat("./0/binderfs", [pid 5002] lstat("./0/binderfs", [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5005] <... unlink resumed>) = 0 [pid 5003] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5005] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./0/binderfs" [pid 5003] unlink("./0/binderfs" [pid 5002] unlink("./0/binderfs" [pid 5001] <... unlink resumed>) = 0 [pid 5004] unlink("./0/binderfs" [pid 5003] <... unlink resumed>) = 0 [pid 5004] <... unlink resumed>) = 0 [pid 5002] <... unlink resumed>) = 0 [pid 5004] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5007] ioctl(4, LOOP_CLR_FD [pid 5003] <... umount2 resumed>) = 0 [pid 5002] <... umount2 resumed>) = 0 [pid 5003] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5003] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5003] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5003] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 41.858904][ T5007] hfsplus: unable to set blocksize to 1024! [ 41.867073][ T5007] hfsplus: unable to find HFS+ superblock [pid 5005] <... umount2 resumed>) = 0 [pid 5004] <... umount2 resumed>) = 0 [pid 5003] fstat(4, [pid 5002] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... umount2 resumed>) = 0 [pid 5005] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5005] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] getdents64(4, [pid 5002] lstat("./0/file0", [pid 5005] lstat("./0/file0", [pid 5004] lstat("./0/file0", [pid 5003] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5005] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5003] getdents64(4, [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5005] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5002] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5005] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] close(4 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./0/file0", [pid 5005] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5004] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5003] <... close resumed>) = 0 [pid 5002] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5005] <... openat resumed>) = 4 [pid 5004] <... openat resumed>) = 4 [pid 5003] rmdir("./0/file0" [pid 5002] <... openat resumed>) = 4 [pid 5001] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... ioctl resumed>) = 0 [pid 5005] fstat(4, [pid 5004] fstat(4, [pid 5003] <... rmdir resumed>) = 0 [pid 5002] fstat(4, [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] close(4 [pid 5005] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5003] getdents64(3, [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5007] <... close resumed>) = 0 [pid 5005] getdents64(4, [pid 5004] getdents64(4, [pid 5003] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5002] getdents64(4, [pid 5001] <... openat resumed>) = 4 [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5005] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5004] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5003] close(3 [pid 5002] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5001] fstat(4, [pid 5007] <... openat resumed>) = 3 [pid 5005] getdents64(4, [pid 5004] getdents64(4, [pid 5003] <... close resumed>) = 0 [pid 5002] getdents64(4, [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5005] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5004] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5003] rmdir("./0" [pid 5001] getdents64(4, [pid 5007] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5005] close(4 [pid 5004] close(4 [pid 5003] <... rmdir resumed>) = 0 [pid 5002] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5001] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5007] exit_group(0 [pid 5005] <... close resumed>) = 0 [pid 5004] <... close resumed>) = 0 [pid 5003] mkdir("./1", 0777 [pid 5002] close(4 [pid 5001] getdents64(4, [pid 5007] <... exit_group resumed>) = ? [pid 5004] rmdir("./0/file0" [pid 5003] <... mkdir resumed>) = 0 [pid 5002] <... close resumed>) = 0 [pid 5001] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5007] +++ exited with 0 +++ [pid 5004] <... rmdir resumed>) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5002] rmdir("./0/file0" [pid 5001] close(4 [pid 5004] getdents64(3, [pid 5003] <... openat resumed>) = 3 [pid 5002] <... rmdir resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 5004] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5003] ioctl(3, LOOP_CLR_FD [pid 5002] getdents64(3, [pid 5001] rmdir("./0/file0" [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5007, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5004] close(3 [pid 5003] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5002] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5001] <... rmdir resumed>) = 0 [pid 5000] restart_syscall(<... resuming interrupted clone ...> [pid 5004] <... close resumed>) = 0 [pid 5003] close(3 [pid 5002] close(3 [pid 5001] getdents64(3, [pid 5000] <... restart_syscall resumed>) = 0 [pid 5004] rmdir("./0" [pid 5003] <... close resumed>) = 0 [pid 5002] <... close resumed>) = 0 [pid 5001] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5004] <... rmdir resumed>) = 0 [pid 5003] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] rmdir("./0" [pid 5001] close(3 [pid 5005] rmdir("./0/file0" [pid 5004] mkdir("./1", 0777 [pid 5002] <... rmdir resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 5000] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5005] <... rmdir resumed>) = 0 [pid 5004] <... mkdir resumed>) = 0 [pid 5003] <... clone resumed>, child_tidptr=0x5555558345d0) = 5018 [pid 5002] mkdir("./1", 0777 [pid 5001] rmdir("./0" [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5005] getdents64(3, [pid 5004] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5002] <... mkdir resumed>) = 0 [pid 5001] <... rmdir resumed>) = 0 [pid 5000] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5005] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5004] <... openat resumed>) = 3 [pid 5002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5001] mkdir("./1", 0777 [pid 5000] <... openat resumed>) = 3 [pid 5005] close(3 [pid 5004] ioctl(3, LOOP_CLR_FD [pid 5002] <... openat resumed>) = 3 [pid 5001] <... mkdir resumed>) = 0 [pid 5000] fstat(3, [pid 5005] <... close resumed>) = 0 [pid 5004] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5001] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5018 attached [pid 5005] rmdir("./0" [pid 5004] close(3 [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5001] <... openat resumed>) = 3 [pid 5000] getdents64(3, [pid 5018] chdir("./1" [pid 5005] <... rmdir resumed>) = 0 [pid 5004] <... close resumed>) = 0 [pid 5002] close(3 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5000] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5018] <... chdir resumed>) = 0 [pid 5004] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] <... close resumed>) = 0 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5001] close(3 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... prctl resumed>) = 0 [pid 5005] mkdir("./1", 0777 [pid 5004] <... clone resumed>, child_tidptr=0x5555558345d0) = 5019 [pid 5001] <... close resumed>) = 0 [pid 5000] lstat("./0/binderfs", [pid 5018] setpgid(0, 0 [pid 5002] <... clone resumed>, child_tidptr=0x5555558345d0) = 5020 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5018] <... setpgid resumed>) = 0 [pid 5000] unlink("./0/binderfs" [pid 5005] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] <... clone resumed>, child_tidptr=0x5555558345d0) = 5021 [pid 5000] <... unlink resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5000] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] write(3, "1000", 4 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... write resumed>) = 4 [pid 5000] lstat("./0/file0", ./strace-static-x86_64: Process 5019 attached [pid 5018] close(3 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5020 attached [pid 5019] chdir("./1" [pid 5018] <... close resumed>) = 0 [pid 5005] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5000] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5020] chdir("./1" [pid 5019] <... chdir resumed>) = 0 [pid 5018] symlink("/dev/binderfs", "./binderfs" [pid 5005] <... openat resumed>) = 3 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5020] <... chdir resumed>) = 0 [pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] <... symlink resumed>) = 0 [pid 5005] ioctl(3, LOOP_CLR_FD [pid 5000] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] <... prctl resumed>) = 0 [pid 5018] memfd_create("syzkaller", 0 [pid 5005] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] <... openat resumed>) = 4 [pid 5020] <... prctl resumed>) = 0 [pid 5019] setpgid(0, 0 [pid 5018] <... memfd_create resumed>) = 3 [pid 5005] close(3 [pid 5000] fstat(4, [pid 5020] setpgid(0, 0 [pid 5019] <... setpgid resumed>) = 0 [pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5005] <... close resumed>) = 0 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5021 attached [pid 5020] <... setpgid resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... mmap resumed>) = 0x7fd4da002000 [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] getdents64(4, [pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... openat resumed>) = 3 [pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5000] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5022 attached [pid 5021] chdir("./1" [pid 5020] <... openat resumed>) = 3 [pid 5019] write(3, "1000", 4 [pid 5000] getdents64(4, [pid 5022] chdir("./1" [pid 5021] <... chdir resumed>) = 0 [pid 5020] write(3, "1000", 4 [pid 5019] <... write resumed>) = 4 [pid 5005] <... clone resumed>, child_tidptr=0x5555558345d0) = 5022 [pid 5000] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5022] <... chdir resumed>) = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5020] <... write resumed>) = 4 [pid 5019] close(3 [pid 5000] close(4 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5021] <... prctl resumed>) = 0 [pid 5020] close(3 [pid 5019] <... close resumed>) = 0 [pid 5000] <... close resumed>) = 0 [pid 5022] <... prctl resumed>) = 0 [pid 5021] setpgid(0, 0 [pid 5020] <... close resumed>) = 0 [pid 5019] symlink("/dev/binderfs", "./binderfs" [pid 5000] rmdir("./0/file0" [pid 5022] setpgid(0, 0 [pid 5021] <... setpgid resumed>) = 0 [pid 5020] symlink("/dev/binderfs", "./binderfs" [pid 5019] <... symlink resumed>) = 0 [pid 5018] <... write resumed>) = 524288 [pid 5022] <... setpgid resumed>) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5000] <... rmdir resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5021] <... openat resumed>) = 3 [pid 5020] <... symlink resumed>) = 0 [pid 5019] memfd_create("syzkaller", 0 [pid 5018] munmap(0x7fd4da002000, 524288 [pid 5000] getdents64(3, [pid 5022] <... openat resumed>) = 3 [pid 5021] write(3, "1000", 4 [pid 5020] memfd_create("syzkaller", 0 [pid 5019] <... memfd_create resumed>) = 3 [pid 5018] <... munmap resumed>) = 0 [pid 5000] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5022] write(3, "1000", 4 [pid 5021] <... write resumed>) = 4 [pid 5020] <... memfd_create resumed>) = 3 [pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5000] close(3 [pid 5022] <... write resumed>) = 4 [pid 5021] close(3 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... mmap resumed>) = 0x7fd4da002000 [pid 5018] <... openat resumed>) = 4 [pid 5000] <... close resumed>) = 0 [pid 5022] close(3 [pid 5021] <... close resumed>) = 0 [pid 5020] <... mmap resumed>) = 0x7fd4da002000 [pid 5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5018] ioctl(4, LOOP_SET_FD, 3 [pid 5000] rmdir("./0" [pid 5022] <... close resumed>) = 0 [pid 5021] symlink("/dev/binderfs", "./binderfs" [pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5022] symlink("/dev/binderfs", "./binderfs" [pid 5021] <... symlink resumed>) = 0 [pid 5000] <... rmdir resumed>) = 0 [pid 5022] <... symlink resumed>) = 0 [pid 5021] memfd_create("syzkaller", 0 [pid 5000] mkdir("./1", 0777 [pid 5022] memfd_create("syzkaller", 0 [pid 5021] <... memfd_create resumed>) = 3 [pid 5022] <... memfd_create resumed>) = 3 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5000] <... mkdir resumed>) = 0 [pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5021] <... mmap resumed>) = 0x7fd4da002000 [pid 5022] <... mmap resumed>) = 0x7fd4da002000 [pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5021] <... write resumed>) = 524288 [pid 5020] <... write resumed>) = 524288 [pid 5019] <... write resumed>) = 524288 [pid 5018] <... ioctl resumed>) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5020] munmap(0x7fd4da002000, 524288 [pid 5019] munmap(0x7fd4da002000, 524288 [pid 5018] close(3 [pid 5000] <... openat resumed>) = 3 [pid 5021] munmap(0x7fd4da002000, 524288 [pid 5020] <... munmap resumed>) = 0 [pid 5019] <... munmap resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5000] ioctl(3, LOOP_CLR_FD [pid 5021] <... munmap resumed>) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5018] mkdir("./file0", 0777 [pid 5000] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5022] <... write resumed>) = 524288 [pid 5021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5020] <... openat resumed>) = 4 [pid 5019] <... openat resumed>) = 4 [pid 5018] <... mkdir resumed>) = 0 [pid 5000] close(3 [pid 5022] munmap(0x7fd4da002000, 524288 [pid 5021] <... openat resumed>) = 4 [pid 5020] ioctl(4, LOOP_SET_FD, 3 [pid 5019] ioctl(4, LOOP_SET_FD, 3 [pid 5018] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 5000] <... close resumed>) = 0 [pid 5022] <... munmap resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5022] close(3) = 0 [pid 5022] mkdir("./file0", 0777) = 0 [pid 5022] mount("/dev/loop5", "./file0", "hfsplus", 0, "") = 0 [pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5022] chdir("./file0") = 0 [pid 5022] ioctl(4, LOOP_CLR_FD) = 0 [pid 5022] close(4) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5022] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5020] <... ioctl resumed>) = 0 [pid 5022] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5022] exit_group(0) = ? [pid 5022] +++ exited with 0 +++ [pid 5005] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5005] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5005] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5005] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5005] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5005] getdents64(3, 0x555555835620 /* 4 entries */, 32768) = 112 [pid 5005] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5005] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5005] unlink("./1/binderfs") = 0 [pid 5005] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] ioctl(4, LOOP_SET_FD, 3 [pid 5020] close(3 [pid 5019] <... ioctl resumed>) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5005] <... umount2 resumed>) = 0 [pid 5005] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5005] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5005] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5005] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5005] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5005] getdents64(4, 0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5005] getdents64(4, 0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5005] close(4) = 0 [pid 5005] rmdir("./1/file0") = 0 [pid 5005] getdents64(3, 0x555555835620 /* 0 entries */, 32768) = 0 [pid 5005] close(3) = 0 [pid 5005] rmdir("./1") = 0 [pid 5005] mkdir("./2", 0777 [pid 5019] close(3 [pid 5005] <... mkdir resumed>) = 0 [pid 5000] <... clone resumed>, child_tidptr=0x5555558345d0) = 5023 [pid 5005] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5018] <... mount resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5020] <... close resumed>) = 0 [pid 5019] mkdir("./file0", 0777 [pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5020] mkdir("./file0", 0777 [pid 5005] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] <... mkdir resumed>) = 0 [pid 5005] close(3 [pid 5018] <... openat resumed>) = 3 [pid 5005] <... close resumed>) = 0 [pid 5019] mount("/dev/loop4", "./file0", "hfsplus", 0, "" [pid 5018] chdir("./file0" [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... chdir resumed>) = 0 [pid 5018] ioctl(4, LOOP_CLR_FD) = 0 [pid 5018] close(4) = 0 [pid 5020] <... mkdir resumed>) = 0 [pid 5020] mount("/dev/loop2", "./file0", "hfsplus", 0, "" [pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5019] <... mount resumed>) = 0 [pid 5018] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5021] <... ioctl resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5018] exit_group(0 [pid 5005] <... clone resumed>, child_tidptr=0x5555558345d0) = 5024 [pid 5021] close(3 [pid 5019] chdir("./file0" [pid 5018] <... exit_group resumed>) = ? [pid 5019] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5023 attached [pid 5018] +++ exited with 0 +++ [pid 5023] chdir("./1" [pid 5021] <... close resumed>) = 0 [pid 5020] <... mount resumed>) = 0 [pid 5019] ioctl(4, LOOP_CLR_FD [pid 5003] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5023] <... chdir resumed>) = 0 [pid 5021] mkdir("./file0", 0777 [pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5019] <... ioctl resumed>) = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5020] <... openat resumed>) = 3 [pid 5019] close(4 [pid 5023] <... prctl resumed>) = 0 [pid 5021] <... mkdir resumed>) = 0 [pid 5020] chdir("./file0" [pid 5019] <... close resumed>) = 0 [pid 5003] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] setpgid(0, 0 [pid 5021] mount("/dev/loop1", "./file0", "hfsplus", 0, "" [pid 5020] <... chdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5003] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5024 attached [pid 5023] <... setpgid resumed>) = 0 [pid 5024] chdir("./2" [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5024] <... chdir resumed>) = 0 [pid 5023] <... openat resumed>) = 3 [pid 5003] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5024] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5023] write(3, "1000", 4 [pid 5020] ioctl(4, LOOP_CLR_FD [pid 5019] <... openat resumed>) = 4 [pid 5024] <... prctl resumed>) = 0 [pid 5023] <... write resumed>) = 4 [pid 5020] <... ioctl resumed>) = 0 [pid 5019] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5003] <... openat resumed>) = 3 [pid 5024] setpgid(0, 0 [pid 5023] close(3 [pid 5020] close(4 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5003] fstat(3, [pid 5024] <... setpgid resumed>) = 0 [pid 5023] <... close resumed>) = 0 [pid 5021] <... mount resumed>) = 0 [pid 5020] <... close resumed>) = 0 [pid 5019] exit_group(0 [pid 5003] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5023] symlink("/dev/binderfs", "./binderfs" [pid 5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5019] <... exit_group resumed>) = ? [pid 5003] getdents64(3, [pid 5024] <... openat resumed>) = 3 [pid 5023] <... symlink resumed>) = 0 [pid 5021] <... openat resumed>) = 3 [pid 5020] <... openat resumed>) = 4 [pid 5024] write(3, "1000", 4 [pid 5023] memfd_create("syzkaller", 0 [pid 5021] chdir("./file0" [pid 5020] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5019] +++ exited with 0 +++ [pid 5003] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5024] <... write resumed>) = 4 [pid 5023] <... memfd_create resumed>) = 3 [pid 5021] <... chdir resumed>) = 0 [pid 5020] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5004] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5019, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5003] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] close(3 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5021] ioctl(4, LOOP_CLR_FD [pid 5020] exit_group(0 [pid 5003] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... close resumed>) = 0 [ 42.047124][ T5018] loop3: detected capacity change from 0 to 1024 [ 42.064291][ T5022] loop5: detected capacity change from 0 to 1024 [ 42.067901][ T5020] loop2: detected capacity change from 0 to 1024 [ 42.077075][ T5019] loop4: detected capacity change from 0 to 1024 [ 42.087558][ T5021] loop1: detected capacity change from 0 to 1024 [pid 5023] <... mmap resumed>) = 0x7fd4da002000 [pid 5021] <... ioctl resumed>) = 0 [pid 5020] <... exit_group resumed>) = ? [pid 5003] lstat("./1/binderfs", [pid 5024] symlink("/dev/binderfs", "./binderfs" [pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5021] close(4 [pid 5024] <... symlink resumed>) = 0 [pid 5023] <... write resumed>) = 524288 [pid 5020] +++ exited with 0 +++ [pid 5003] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5024] memfd_create("syzkaller", 0 [pid 5023] munmap(0x7fd4da002000, 524288 [pid 5024] <... memfd_create resumed>) = 3 [pid 5023] <... munmap resumed>) = 0 [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5021] <... close resumed>) = 0 [pid 5002] restart_syscall(<... resuming interrupted clone ...> [pid 5024] <... mmap resumed>) = 0x7fd4da002000 [pid 5023] <... openat resumed>) = 4 [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5003] unlink("./1/binderfs" [pid 5002] <... restart_syscall resumed>) = 0 [pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5023] ioctl(4, LOOP_SET_FD, 3 [pid 5021] <... openat resumed>) = 4 [pid 5004] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] <... unlink resumed>) = 0 [pid 5024] <... write resumed>) = 524288 [pid 5021] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5024] munmap(0x7fd4da002000, 524288 [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] <... munmap resumed>) = 0 [pid 5004] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5004] <... openat resumed>) = 3 [pid 5002] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5024] <... openat resumed>) = 4 [pid 5004] fstat(3, [pid 5002] <... openat resumed>) = 3 [pid 5024] ioctl(4, LOOP_SET_FD, 3 [pid 5004] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] fstat(3, [pid 5004] getdents64(3, [pid 5003] <... umount2 resumed>) = 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(3, [pid 5004] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5003] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... getdents64 resumed>0x555555835620 /* 4 entries */, 32768) = 112 [pid 5004] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] lstat("./1/file0", [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5004] lstat("./1/binderfs", [pid 5003] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] lstat("./1/binderfs", [pid 5004] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5003] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5004] unlink("./1/binderfs" [pid 5003] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] unlink("./1/binderfs" [pid 5004] <... unlink resumed>) = 0 [pid 5003] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... unlink resumed>) = 0 [pid 5004] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] <... openat resumed>) = 4 [pid 5002] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] fstat(4, [pid 5004] <... umount2 resumed>) = 0 [pid 5003] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... umount2 resumed>) = 0 [pid 5023] <... ioctl resumed>) = 0 [pid 5004] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] getdents64(4, [pid 5002] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] <... ioctl resumed>) = 0 [pid 5023] close(3 [pid 5024] close(3 [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... close resumed>) = 0 [pid 5023] <... close resumed>) = 0 [pid 5004] lstat("./1/file0", [pid 5003] getdents64(4, [pid 5002] lstat("./1/file0", [pid 5024] mkdir("./file0", 0777 [pid 5023] mkdir("./file0", 0777 [pid 5004] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5003] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5024] <... mkdir resumed>) = 0 [pid 5004] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] close(4 [ 42.143471][ T5023] loop0: detected capacity change from 0 to 1024 [ 42.155160][ T5024] loop5: detected capacity change from 0 to 1024 [pid 5002] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] mount("/dev/loop5", "./file0", "hfsplus", 0, "" [pid 5023] <... mkdir resumed>) = 0 [pid 5004] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] <... close resumed>) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5004] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5003] rmdir("./1/file0" [pid 5002] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5004] <... openat resumed>) = 4 [pid 5003] <... rmdir resumed>) = 0 [pid 5002] <... openat resumed>) = 4 [pid 5023] mount("/dev/loop0", "./file0", "hfsplus", 0, "" [pid 5004] fstat(4, [pid 5003] getdents64(3, [pid 5002] fstat(4, [pid 5004] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5003] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] getdents64(4, [pid 5003] close(3 [pid 5002] getdents64(4, [pid 5024] <... mount resumed>) = 0 [pid 5004] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5003] <... close resumed>) = 0 [pid 5002] <... getdents64 resumed>0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5004] getdents64(4, [pid 5003] rmdir("./1" [pid 5002] getdents64(4, [pid 5024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5004] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5003] <... rmdir resumed>) = 0 [pid 5002] <... getdents64 resumed>0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5024] <... openat resumed>) = 3 [pid 5004] close(4 [pid 5003] mkdir("./2", 0777 [pid 5002] close(4 [pid 5024] chdir("./file0" [pid 5004] <... close resumed>) = 0 [pid 5003] <... mkdir resumed>) = 0 [pid 5002] <... close resumed>) = 0 [pid 5024] <... chdir resumed>) = 0 [pid 5004] rmdir("./1/file0" [pid 5003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5002] rmdir("./1/file0" [pid 5024] ioctl(4, LOOP_CLR_FD [pid 5004] <... rmdir resumed>) = 0 [pid 5003] <... openat resumed>) = 3 [pid 5002] <... rmdir resumed>) = 0 [pid 5024] <... ioctl resumed>) = 0 [pid 5004] getdents64(3, [pid 5003] ioctl(3, LOOP_CLR_FD [pid 5002] getdents64(3, [pid 5024] close(4 [pid 5004] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5003] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5002] <... getdents64 resumed>0x555555835620 /* 0 entries */, 32768) = 0 [pid 5024] <... close resumed>) = 0 [pid 5004] close(3 [pid 5003] close(3 [pid 5002] close(3 [pid 5004] <... close resumed>) = 0 [pid 5003] <... close resumed>) = 0 [pid 5002] <... close resumed>) = 0 [pid 5004] rmdir("./1" [pid 5003] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] rmdir("./1" [pid 5004] <... rmdir resumed>) = 0 [pid 5002] <... rmdir resumed>) = 0 [pid 5004] mkdir("./2", 0777 [pid 5003] <... clone resumed>, child_tidptr=0x5555558345d0) = 5025 [pid 5002] mkdir("./2", 0777 [pid 5004] <... mkdir resumed>) = 0 [pid 5002] <... mkdir resumed>) = 0 [pid 5004] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5004] <... openat resumed>) = 3 [pid 5002] <... openat resumed>) = 3 [pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5021] <... ioctl resumed>) = 0 [pid 5004] ioctl(3, LOOP_CLR_FD [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5004] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5004] close(3 [pid 5002] close(3 [pid 5004] <... close resumed>) = 0 [pid 5002] <... close resumed>) = 0 [pid 5004] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5004] <... clone resumed>, child_tidptr=0x5555558345d0) = 5026 [pid 5002] <... clone resumed>, child_tidptr=0x5555558345d0) = 5027 ./strace-static-x86_64: Process 5025 attached [pid 5025] chdir("./2") = 0 [pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5025] setpgid(0, 0) = 0 [pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5025] write(3, "1000", 4) = 4 [pid 5025] close(3) = 0 [pid 5025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5025] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5026 attached [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5026] chdir("./2" [pid 5025] <... mmap resumed>) = 0x7fd4da002000 [pid 5026] <... chdir resumed>) = 0 [pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3 [pid 5025] <... write resumed>) = 524288 [pid 5026] <... close resumed>) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] memfd_create("syzkaller", 0) = 3 [pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd4da002000 [pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5025] munmap(0x7fd4da002000, 524288) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 42.228580][ T5023] ================================================================== [ 42.236684][ T5023] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0xf62/0x1020 [ 42.244961][ T5023] Read of size 2 at addr ffff88801eaca000 by task syz-executor201/5023 [ 42.253195][ T5023] [ 42.255518][ T5023] CPU: 0 PID: 5023 Comm: syz-executor201 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0 [ 42.266017][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [pid 5025] ioctl(4, LOOP_SET_FD, 3 [pid 5026] <... write resumed>) = 524288 [pid 5026] munmap(0x7fd4da002000, 524288) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5026] close(3) = 0 [pid 5026] mkdir("./file0", 0777) = 0 [pid 5026] mount("/dev/loop4", "./file0", "hfsplus", 0, "") = 0 [pid 5026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5026] chdir("./file0") = 0 [pid 5026] ioctl(4, LOOP_CLR_FD) = 0 [pid 5026] close(4) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5026] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048) = 0 [pid 5026] exit_group(0) = ? [pid 5026] +++ exited with 0 +++ [pid 5004] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5004] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5004] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5004] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5004] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] getdents64(3, 0x555555835620 /* 4 entries */, 32768) = 112 [pid 5004] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5004] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 42.266939][ T5025] loop3: detected capacity change from 0 to 1024 [ 42.276060][ T5023] Call Trace: [ 42.276071][ T5023] [ 42.276078][ T5023] dump_stack_lvl+0xd9/0x150 [ 42.290594][ T5026] loop4: detected capacity change from 0 to 1024 [ 42.293143][ T5023] print_address_description.constprop.0+0x2c/0x3c0 [ 42.293177][ T5023] ? hfsplus_read_wrapper+0xf62/0x1020 [ 42.311511][ T5023] kasan_report+0x11c/0x130 [ 42.316030][ T5023] ? hfsplus_read_wrapper+0xf62/0x1020 [ 42.321514][ T5023] hfsplus_read_wrapper+0xf62/0x1020 [pid 5004] unlink("./2/binderfs") = 0 [pid 5004] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... ioctl resumed>) = 0 [pid 5025] close(3) = 0 [pid 5025] mkdir("./file0", 0777) = 0 [ 42.326815][ T5023] ? lock_downgrade+0x690/0x690 [ 42.331681][ T5023] ? hfsplus_submit_bio+0x2b0/0x2b0 [ 42.336896][ T5023] ? spin_bug+0x1c0/0x1c0 [ 42.341254][ T5023] ? mark_held_locks+0x9f/0xe0 [ 42.346032][ T5023] ? do_raw_spin_unlock+0x175/0x230 [ 42.351224][ T5023] ? _raw_spin_unlock+0x28/0x40 [ 42.356065][ T5023] ? find_nls+0x121/0x160 [ 42.360388][ T5023] hfsplus_fill_super+0x312/0x1c40 [ 42.365504][ T5023] ? ip6_addr_string_sa+0x830/0x830 [ 42.370691][ T5023] ? hfsplus_iget+0x7c0/0x7c0 [ 42.375360][ T5023] ? bdev_name.constprop.0+0x270/0x4d0 [ 42.380809][ T5023] ? fourcc_string+0x770/0x770 [ 42.385562][ T5023] ? pointer+0x173/0xc50 [ 42.389791][ T5023] ? resource_string.isra.0+0x5f/0x16c0 [ 42.395326][ T5023] ? resource_string.isra.0+0x16c0/0x16c0 [ 42.401038][ T5023] ? vsnprintf+0x4df/0x1710 [ 42.405534][ T5023] ? pointer+0xc50/0xc50 [ 42.409789][ T5023] ? snprintf+0xbf/0x100 [ 42.414020][ T5023] ? vsprintf+0x30/0x30 [ 42.418186][ T5023] ? wait_for_completion_io_timeout+0x20/0x20 [ 42.424265][ T5023] ? set_blocksize+0x2d8/0x370 [ 42.429042][ T5023] mount_bdev+0x358/0x420 [ 42.433363][ T5023] ? hfsplus_iget+0x7c0/0x7c0 [ 42.438029][ T5023] ? zisofs_cleanup+0x20/0x20 [ 42.442697][ T5023] legacy_get_tree+0x109/0x220 [ 42.447455][ T5023] vfs_get_tree+0x8d/0x350 [ 42.451862][ T5023] path_mount+0x134b/0x1e40 [ 42.456478][ T5023] ? kmem_cache_free+0xe9/0x480 [ 42.461355][ T5023] ? finish_automount+0x9b0/0x9b0 [ 42.466372][ T5023] ? putname+0x102/0x140 [ 42.470623][ T5023] __x64_sys_mount+0x283/0x300 [ 42.475375][ T5023] ? copy_mnt_ns+0xb30/0xb30 [ 42.479962][ T5023] ? lockdep_hardirqs_on+0x7d/0x100 [ 42.485150][ T5023] ? _raw_spin_unlock_irq+0x2e/0x50 [ 42.490341][ T5023] ? ptrace_notify+0xfe/0x140 [ 42.495013][ T5023] do_syscall_64+0x39/0xb0 [ 42.499413][ T5023] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.505302][ T5023] RIP: 0033:0x7fd4e2450f1a [ 42.509703][ T5023] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 42.529300][ T5023] RSP: 002b:00007ffefe3b3d08 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 42.537699][ T5023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd4e2450f1a [ 42.545657][ T5023] RDX: 0000000020000600 RSI: 0000000020000640 RDI: 00007ffefe3b3d20 [ 42.553620][ T5023] RBP: 00007ffefe3b3d20 R08: 00007ffefe3b3d60 R09: 00000000000005cd [ 42.561579][ T5023] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 42.569538][ T5023] R13: 00005555558342c0 R14: 0000000000000000 R15: 00007ffefe3b3d60 [ 42.577586][ T5023] [ 42.580594][ T5023] [ 42.582899][ T5023] The buggy address belongs to the object at ffff88801eaca000 [ 42.582899][ T5023] which belongs to the cache kmalloc-512 of size 512 [ 42.596936][ T5023] The buggy address is located 0 bytes inside of [ 42.596936][ T5023] freed 512-byte region [ffff88801eaca000, ffff88801eaca200) [ 42.610807][ T5023] [ 42.613112][ T5023] The buggy address belongs to the physical page: [ 42.619501][ T5023] page:ffffea00007ab200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eac8 [ 42.629633][ T5023] head:ffffea00007ab200 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 42.638654][ T5023] ksm flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 42.646965][ T5023] page_type: 0xffffffff() [ 42.651280][ T5023] raw: 00fff00000010200 ffff888012441c80 ffffea0000879000 dead000000000003 [ 42.659848][ T5023] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 42.668410][ T5023] page dumped because: kasan: bad access detected [ 42.674801][ T5023] page_owner tracks the page as allocated [ 42.680494][ T5023] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 722, tgid 722 (kworker/u4:4), ts 5266554097, free_ts 0 [ 42.700793][ T5023] post_alloc_hook+0x2db/0x350 [ 42.705554][ T5023] get_page_from_freelist+0xf41/0x2c00 [ 42.711014][ T5023] __alloc_pages+0x1cb/0x4a0 [ 42.715595][ T5023] alloc_pages+0x1aa/0x270 [ 42.720000][ T5023] allocate_slab+0x25f/0x390 [ 42.724581][ T5023] ___slab_alloc+0xa91/0x1400 [ 42.729248][ T5023] __slab_alloc.constprop.0+0x56/0xa0 [ 42.734611][ T5023] __kmem_cache_alloc_node+0x136/0x320 [ 42.740080][ T5023] kmalloc_trace+0x26/0xe0 [ 42.744488][ T5023] alloc_bprm+0x51/0xba0 [ 42.748723][ T5023] kernel_execve+0xaf/0x500 [ 42.753222][ T5023] call_usermodehelper_exec_async+0x260/0x4e0 [ 42.759295][ T5023] ret_from_fork+0x1f/0x30 [ 42.763700][ T5023] page_owner free stack trace missing [ 42.769068][ T5023] [ 42.771377][ T5023] Memory state around the buggy address: [pid 5025] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 5024] <... openat resumed>) = 4 [pid 5021] exit_group(0 [pid 5024] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5021] <... exit_group resumed>) = ? [pid 5025] <... mount resumed>) = 0 [pid 5024] <... ioctl resumed>) = 0 [pid 5024] exit_group(0 [pid 5021] +++ exited with 0 +++ [pid 5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5027 attached [pid 5024] <... exit_group resumed>) = ? [pid 5004] <... umount2 resumed>) = 0 [ 42.777006][ T5023] ffff88801eac9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.785050][ T5023] ffff88801eac9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.793105][ T5023] >ffff88801eaca000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.801165][ T5023] ^ [ 42.805210][ T5023] ffff88801eaca080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.813256][ T5023] ffff88801eaca100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.821383][ T5023] ================================================================== [pid 5004] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5004] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5004] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5004] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5004] getdents64(4, 0x55555583d660 /* 2 entries */, 32768) = 48 [pid 5004] getdents64(4, 0x55555583d660 /* 0 entries */, 32768) = 0 [pid 5004] close(4) = 0 [pid 5004] rmdir("./2/file0") = 0 [pid 5004] getdents64(3, 0x555555835620 /* 0 entries */, 32768) = 0 [pid 5004] close(3) = 0 [pid 5004] rmdir("./2") = 0 [pid 5004] mkdir("./3", 0777) = 0 [pid 5004] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5004] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5004] close(3) = 0 [pid 5004] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558345d0) = 5028 ./strace-static-x86_64: Process 5028 attached [pid 5028] chdir("./3") = 0 [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] setpgid(0, 0) = 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] write(3, "1000", 4) = 4 [pid 5028] close(3) = 0 [pid 5028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5028] memfd_create("syzkaller", 0) = 3 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd4da002000 [pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5028] munmap(0x7fd4da002000, 524288) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./file0", 0777) = 0 [ 42.841451][ T5023] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 42.848659][ T5023] CPU: 0 PID: 5023 Comm: syz-executor201 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0 [ 42.859072][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 42.869131][ T5023] Call Trace: [ 42.872414][ T5023] [ 42.875348][ T5023] dump_stack_lvl+0xd9/0x150 [ 42.879963][ T5023] panic+0x686/0x730 [ 42.883870][ T5023] ? panic_smp_self_stop+0xa0/0xa0 [ 42.884449][ T5028] loop4: detected capacity change from 0 to 1024 [ 42.895293][ T5023] ? preempt_schedule_thunk+0x1a/0x20 [ 42.900663][ T5023] ? preempt_schedule_common+0x45/0xb0 [ 42.906114][ T5023] check_panic_on_warn+0xb1/0xc0 [ 42.911044][ T5023] end_report+0xe9/0x120 [ 42.915286][ T5023] ? hfsplus_read_wrapper+0xf62/0x1020 [ 42.920737][ T5023] kasan_report+0xf9/0x130 [ 42.925145][ T5023] ? hfsplus_read_wrapper+0xf62/0x1020 [ 42.930601][ T5023] hfsplus_read_wrapper+0xf62/0x1020 [ 42.935879][ T5023] ? lock_downgrade+0x690/0x690 [ 42.940723][ T5023] ? hfsplus_submit_bio+0x2b0/0x2b0 [ 42.945931][ T5023] ? spin_bug+0x1c0/0x1c0 [ 42.950256][ T5023] ? mark_held_locks+0x9f/0xe0 [ 42.955011][ T5023] ? do_raw_spin_unlock+0x175/0x230 [ 42.960199][ T5023] ? _raw_spin_unlock+0x28/0x40 [ 42.965065][ T5023] ? find_nls+0x121/0x160 [ 42.969383][ T5023] hfsplus_fill_super+0x312/0x1c40 [ 42.974484][ T5023] ? ip6_addr_string_sa+0x830/0x830 [ 42.979675][ T5023] ? hfsplus_iget+0x7c0/0x7c0 [ 42.984437][ T5023] ? bdev_name.constprop.0+0x270/0x4d0 [ 42.990086][ T5023] ? fourcc_string+0x770/0x770 [ 42.994843][ T5023] ? pointer+0x173/0xc50 [ 42.999079][ T5023] ? resource_string.isra.0+0x5f/0x16c0 [ 43.004617][ T5023] ? resource_string.isra.0+0x16c0/0x16c0 [ 43.010327][ T5023] ? vsnprintf+0x4df/0x1710 [ 43.014818][ T5023] ? pointer+0xc50/0xc50 [ 43.019050][ T5023] ? snprintf+0xbf/0x100 [ 43.023285][ T5023] ? vsprintf+0x30/0x30 [ 43.027429][ T5023] ? wait_for_completion_io_timeout+0x20/0x20 [ 43.033484][ T5023] ? set_blocksize+0x2d8/0x370 [ 43.038242][ T5023] mount_bdev+0x358/0x420 [ 43.042563][ T5023] ? hfsplus_iget+0x7c0/0x7c0 [ 43.047229][ T5023] ? zisofs_cleanup+0x20/0x20 [ 43.051893][ T5023] legacy_get_tree+0x109/0x220 [ 43.056654][ T5023] vfs_get_tree+0x8d/0x350 [ 43.061061][ T5023] path_mount+0x134b/0x1e40 [ 43.065558][ T5023] ? kmem_cache_free+0xe9/0x480 [ 43.070400][ T5023] ? finish_automount+0x9b0/0x9b0 [ 43.075414][ T5023] ? putname+0x102/0x140 [ 43.079640][ T5023] __x64_sys_mount+0x283/0x300 [ 43.084396][ T5023] ? copy_mnt_ns+0xb30/0xb30 [ 43.088971][ T5023] ? lockdep_hardirqs_on+0x7d/0x100 [ 43.094161][ T5023] ? _raw_spin_unlock_irq+0x2e/0x50 [ 43.099352][ T5023] ? ptrace_notify+0xfe/0x140 [ 43.104021][ T5023] do_syscall_64+0x39/0xb0 [ 43.108421][ T5023] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.114311][ T5023] RIP: 0033:0x7fd4e2450f1a [ 43.118710][ T5023] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 43.138305][ T5023] RSP: 002b:00007ffefe3b3d08 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 43.146703][ T5023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd4e2450f1a [ 43.154659][ T5023] RDX: 0000000020000600 RSI: 0000000020000640 RDI: 00007ffefe3b3d20 [ 43.162616][ T5023] RBP: 00007ffefe3b3d20 R08: 00007ffefe3b3d60 R09: 00000000000005cd [ 43.170574][ T5023] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 43.178531][ T5023] R13: 00005555558342c0 R14: 0000000000000000 R15: 00007ffefe3b3d60 [ 43.186490][ T5023] [ 43.190370][ T5023] Kernel Offset: disabled [ 43.194677][ T5023] Rebooting in 86400 seconds..