./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1549129089 <...> Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. execve("./syz-executor1549129089", ["./syz-executor1549129089"], 0x7ffd4c07d930 /* 10 vars */) = 0 brk(NULL) = 0x555556eac000 brk(0x555556eacc40) = 0x555556eacc40 arch_prctl(ARCH_SET_FS, 0x555556eac300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1549129089", 4096) = 28 brk(0x555556ecdc40) = 0x555556ecdc40 brk(0x555556ece000) = 0x555556ece000 mprotect(0x7f816d89b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5007 attached , child_tidptr=0x555556eac5d0) = 5007 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] getpid(./strace-static-x86_64: Process 5008 attached ) = 5007 [pid 5007] mkdir("./syzkaller.jPSugO", 0700 [pid 5006] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5008 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556eac5d0) = 5009 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] getpid( [pid 5007] <... mkdir resumed>) = 0 [pid 5007] chmod("./syzkaller.jPSugO", 0777) = 0 [pid 5007] chdir("./syzkaller.jPSugO") = 0 ./strace-static-x86_64: Process 5010 attached ./strace-static-x86_64: Process 5009 attached [pid 5006] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5010 [pid 5008] <... getpid resumed>) = 5008 [pid 5007] mkdir("./0", 0777 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] mkdir("./syzkaller.qei0pR", 0700) = 0 [pid 5006] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5011 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] getpid( [pid 5009] getpid( [pid 5008] chmod("./syzkaller.qei0pR", 0777 [pid 5006] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5012 [pid 5008] <... chmod resumed>) = 0 [pid 5009] <... getpid resumed>) = 5009 ./strace-static-x86_64: Process 5012 attached [pid 5009] mkdir("./syzkaller.riiSqZ", 0700 [pid 5008] chdir("./syzkaller.qei0pR") = 0 [pid 5008] mkdir("./0", 0777 [pid 5012] getpid() = 5012 [pid 5012] mkdir("./syzkaller.HA9nJc", 0700./strace-static-x86_64: Process 5011 attached [pid 5008] <... mkdir resumed>) = 0 [pid 5011] getpid() = 5011 [pid 5011] mkdir("./syzkaller.heBym7", 0700 [pid 5009] <... mkdir resumed>) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5009] chmod("./syzkaller.riiSqZ", 0777 [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5012] <... mkdir resumed>) = 0 [pid 5007] <... mkdir resumed>) = 0 [pid 5008] close(3 [pid 5012] chmod("./syzkaller.HA9nJc", 0777 [pid 5009] <... chmod resumed>) = 0 [pid 5012] <... chmod resumed>) = 0 [pid 5012] chdir("./syzkaller.HA9nJc") = 0 [pid 5012] mkdir("./0", 0777) = 0 [pid 5012] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5012] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5012] close(3) = 0 [pid 5012] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5011] <... mkdir resumed>) = 0 [pid 5011] chmod("./syzkaller.heBym7", 0777) = 0 [pid 5011] chdir("./syzkaller.heBym7") = 0 [pid 5011] mkdir("./0", 0777) = 0 [pid 5012] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5013 [pid 5011] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] <... close resumed>) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] <... getpid resumed>) = 5010 [pid 5009] chdir("./syzkaller.riiSqZ" [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5010] mkdir("./syzkaller.kBo0X1", 0700 [pid 5009] <... chdir resumed>) = 0 [pid 5008] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5015 ./strace-static-x86_64: Process 5013 attached [pid 5007] <... openat resumed>) = 3 [pid 5009] mkdir("./0", 0777 [pid 5013] chdir("./0") = 0 ./strace-static-x86_64: Process 5015 attached ./strace-static-x86_64: Process 5014 attached [pid 5011] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5014 [pid 5010] <... mkdir resumed>) = 0 [pid 5009] <... mkdir resumed>) = 0 [pid 5007] ioctl(3, LOOP_CLR_FD [pid 5015] chdir("./0" [pid 5014] chdir("./0" [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5010] chmod("./syzkaller.kBo0X1", 0777 [pid 5009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5007] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... chdir resumed>) = 0 [pid 5013] <... prctl resumed>) = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5013] setpgid(0, 0 [pid 5010] <... chmod resumed>) = 0 [pid 5014] <... prctl resumed>) = 0 [pid 5013] <... setpgid resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5015] <... chdir resumed>) = 0 [pid 5007] close(3 [pid 5010] chdir("./syzkaller.kBo0X1" [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] setpgid(0, 0 [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5010] <... chdir resumed>) = 0 [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5007] <... close resumed>) = 0 [pid 5015] <... prctl resumed>) = 0 [pid 5014] <... setpgid resumed>) = 0 [pid 5013] <... openat resumed>) = 3 [pid 5010] mkdir("./0", 0777 [pid 5015] setpgid(0, 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5013] write(3, "1000", 4 [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... setpgid resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5013] <... write resumed>) = 4 [pid 5010] <... mkdir resumed>) = 0 [pid 5009] close(3 [pid 5014] write(3, "1000", 4 [pid 5013] close(3 [pid 5014] <... write resumed>) = 4 [pid 5013] <... close resumed>) = 0 [pid 5014] close(3 [pid 5013] symlink("/dev/binderfs", "./binderfs" [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] <... close resumed>) = 0 [pid 5013] <... symlink resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5009] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5014] symlink("/dev/binderfs", "./binderfs" [pid 5013] memfd_create("syzkaller", 0 [pid 5015] write(3, "1000", 4 [pid 5014] <... symlink resumed>) = 0 [pid 5010] <... openat resumed>) = 3 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5017 ./strace-static-x86_64: Process 5017 attached [pid 5015] <... write resumed>) = 4 [pid 5014] memfd_create("syzkaller", 0 [pid 5010] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5018 attached [pid 5017] chdir("./0" [pid 5015] close(3 [pid 5014] <... memfd_create resumed>) = 3 [pid 5013] <... memfd_create resumed>) = 3 [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5009] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5018 [pid 5018] chdir("./0" [pid 5017] <... chdir resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5010] close(3 [pid 5018] <... chdir resumed>) = 0 [pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] symlink("/dev/binderfs", "./binderfs" [pid 5014] <... mmap resumed>) = 0x7f81653df000 [pid 5013] <... mmap resumed>) = 0x7f81653df000 [pid 5010] <... close resumed>) = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] <... prctl resumed>) = 0 [pid 5015] <... symlink resumed>) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5010] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5019 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81653df000 [pid 5018] <... prctl resumed>) = 0 [pid 5017] setpgid(0, 0 [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5018] setpgid(0, 0 [pid 5017] <... setpgid resumed>) = 0 [pid 5015] <... write resumed>) = 524288 [pid 5013] <... write resumed>) = 524288 [pid 5018] <... setpgid resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5019 attached [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] chdir("./0" [pid 5018] <... openat resumed>) = 3 [pid 5017] <... openat resumed>) = 3 [pid 5019] <... chdir resumed>) = 0 [pid 5018] write(3, "1000", 4 [pid 5017] write(3, "1000", 4 [pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] <... write resumed>) = 4 [pid 5017] <... write resumed>) = 4 [pid 5019] <... prctl resumed>) = 0 [pid 5018] close(3 [pid 5017] close(3 [ 79.632208][ T5013] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5013 'syz-executor154' [pid 5015] munmap(0x7f81653df000, 524288 [pid 5019] setpgid(0, 0 [pid 5018] <... close resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5015] <... munmap resumed>) = 0 [pid 5019] <... setpgid resumed>) = 0 [pid 5018] symlink("/dev/binderfs", "./binderfs" [pid 5017] symlink("/dev/binderfs", "./binderfs" [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] <... write resumed>) = 524288 [pid 5013] munmap(0x7f81653df000, 524288 [pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] <... openat resumed>) = 4 [pid 5019] <... openat resumed>) = 3 [pid 5018] <... symlink resumed>) = 0 [pid 5017] <... symlink resumed>) = 0 [pid 5015] ioctl(4, LOOP_SET_FD, 3 [pid 5019] write(3, "1000", 4 [pid 5018] memfd_create("syzkaller", 0 [pid 5017] memfd_create("syzkaller", 0 [pid 5014] munmap(0x7f81653df000, 524288 [pid 5013] <... munmap resumed>) = 0 [pid 5019] <... write resumed>) = 4 [pid 5018] <... memfd_create resumed>) = 3 [pid 5017] <... memfd_create resumed>) = 3 [pid 5019] close(3 [pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] <... munmap resumed>) = 0 [pid 5013] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5019] <... close resumed>) = 0 [pid 5018] <... mmap resumed>) = 0x7f81653df000 [pid 5017] <... mmap resumed>) = 0x7f81653df000 [pid 5019] symlink("/dev/binderfs", "./binderfs" [pid 5014] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5013] <... openat resumed>) = 4 [pid 5019] <... symlink resumed>) = 0 [pid 5019] memfd_create("syzkaller", 0) = 3 [pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81653df000 [pid 5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5014] <... openat resumed>) = 4 [pid 5013] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... write resumed>) = 524288 [pid 5014] ioctl(4, LOOP_SET_FD, 3 [pid 5015] <... ioctl resumed>) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./file0", 0777) = 0 [pid 5015] mount("/dev/loop1", "./file0", "hfsplus", 0, "" [pid 5019] munmap(0x7f81653df000, 524288) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 79.700314][ T5015] loop1: detected capacity change from 0 to 1024 [ 79.732910][ T5013] loop5: detected capacity change from 0 to 1024 [ 79.740270][ T5014] loop4: detected capacity change from 0 to 1024 [pid 5019] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... write resumed>) = 524288 [pid 5017] <... write resumed>) = 524288 [pid 5014] <... ioctl resumed>) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 5018] munmap(0x7f81653df000, 524288 [pid 5017] munmap(0x7f81653df000, 524288 [pid 5014] close(3 [pid 5013] close(3 [pid 5018] <... munmap resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] <... munmap resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5013] <... close resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5014] mkdir("./file0", 0777 [pid 5013] mkdir("./file0", 0777 [pid 5018] ioctl(4, LOOP_SET_FD, 3 [pid 5017] <... openat resumed>) = 4 [pid 5014] <... mkdir resumed>) = 0 [pid 5013] <... mkdir resumed>) = 0 [pid 5015] <... mount resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5019] <... ioctl resumed>) = 0 [pid 5017] ioctl(4, LOOP_SET_FD, 3 [pid 5015] <... openat resumed>) = 3 [pid 5014] mount("/dev/loop4", "./file0", "hfsplus", 0, "" [pid 5013] mount("/dev/loop5", "./file0", "hfsplus", 0, "" [pid 5019] close(3 [pid 5015] chdir("./file0" [pid 5019] <... close resumed>) = 0 [pid 5015] <... chdir resumed>) = 0 [pid 5019] mkdir("./file0", 0777 [pid 5015] ioctl(4, LOOP_CLR_FD [pid 5019] <... mkdir resumed>) = 0 [pid 5015] <... ioctl resumed>) = 0 [pid 5019] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 5015] close(4 [pid 5017] <... ioctl resumed>) = 0 [pid 5018] <... ioctl resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... mount resumed>) = 0 [pid 5013] <... mount resumed>) = 0 [pid 5019] <... mount resumed>) = 0 [pid 5018] close(3 [pid 5017] close(3 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5018] <... close resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5014] <... openat resumed>) = 3 [pid 5013] <... openat resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5018] mkdir("./file0", 0777 [pid 5017] mkdir("./file0", 0777 [pid 5015] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5014] chdir("./file0" [pid 5013] chdir("./file0" [pid 5019] chdir("./file0" [pid 5018] <... mkdir resumed>) = 0 [pid 5019] <... chdir resumed>) = 0 [pid 5018] mount("/dev/loop2", "./file0", "hfsplus", 0, "" [pid 5017] <... mkdir resumed>) = 0 [pid 5014] <... chdir resumed>) = 0 [pid 5013] <... chdir resumed>) = 0 [pid 5019] ioctl(4, LOOP_CLR_FD [pid 5017] mount("/dev/loop0", "./file0", "hfsplus", 0, "" [pid 5014] ioctl(4, LOOP_CLR_FD [pid 5013] ioctl(4, LOOP_CLR_FD [pid 5019] <... ioctl resumed>) = 0 [ 79.759232][ T5019] loop3: detected capacity change from 0 to 1024 [ 79.782684][ T5018] loop2: detected capacity change from 0 to 1024 [ 79.792347][ T5017] loop0: detected capacity change from 0 to 1024 [pid 5019] close(4 [pid 5014] <... ioctl resumed>) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... mount resumed>) = 0 [pid 5014] close(4 [pid 5013] close(4 [pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5014] <... close resumed>) = 0 [pid 5013] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5018] <... openat resumed>) = 3 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5019] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5018] chdir("./file0" [pid 5014] <... openat resumed>) = 4 [pid 5013] <... openat resumed>) = 4 [pid 5018] <... chdir resumed>) = 0 [pid 5014] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5013] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5018] ioctl(4, LOOP_CLR_FD) = 0 [pid 5018] close(4) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5018] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5019] <... ioctl resumed>) = 0 [pid 5018] <... ioctl resumed>) = 0 [pid 5015] <... ioctl resumed>) = 0 [pid 5014] <... ioctl resumed>) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 5019] exit_group(0 [pid 5018] exit_group(0 [pid 5015] exit_group(0 [pid 5014] exit_group(0 [pid 5013] exit_group(0 [pid 5019] <... exit_group resumed>) = ? [pid 5018] <... exit_group resumed>) = ? [pid 5015] <... exit_group resumed>) = ? [pid 5014] <... exit_group resumed>) = ? [pid 5013] <... exit_group resumed>) = ? [pid 5019] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5019, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5013] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 79.866321][ T5017] hfsplus: unable to set blocksize to 1024! [ 79.873917][ T5017] hfsplus: unable to find HFS+ superblock [pid 5008] restart_syscall(<... resuming interrupted clone ...> [pid 5012] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5011] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... restart_syscall resumed>) = 0 [pid 5012] restart_syscall(<... resuming interrupted clone ...> [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] <... restart_syscall resumed>) = 0 [pid 5011] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... openat resumed>) = 3 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] ioctl(4, LOOP_CLR_FD [pid 5011] fstat(3, [pid 5010] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] <... openat resumed>) = 3 [pid 5009] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] getdents64(3, [pid 5010] fstat(3, [pid 5009] <... openat resumed>) = 3 [pid 5008] <... openat resumed>) = 3 [pid 5012] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] fstat(3, [pid 5008] fstat(3, [pid 5012] <... openat resumed>) = 3 [pid 5011] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] getdents64(3, [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] fstat(3, [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5009] getdents64(3, [pid 5008] getdents64(3, [pid 5012] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] lstat("./0/binderfs", [pid 5010] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5008] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5012] getdents64(3, [pid 5011] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... ioctl resumed>) = 0 [pid 5012] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5011] unlink("./0/binderfs" [pid 5010] lstat("./0/binderfs", [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] close(4 [pid 5012] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] lstat("./0/binderfs", [pid 5008] lstat("./0/binderfs", [pid 5017] <... close resumed>) = 0 [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... unlink resumed>) = 0 [pid 5010] unlink("./0/binderfs" [pid 5009] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5012] lstat("./0/binderfs", [pid 5011] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... unlink resumed>) = 0 [pid 5009] unlink("./0/binderfs" [pid 5008] unlink("./0/binderfs" [pid 5017] <... openat resumed>) = 3 [pid 5012] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... unlink resumed>) = 0 [pid 5008] <... unlink resumed>) = 0 [pid 5017] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 5012] unlink("./0/binderfs" [pid 5010] <... umount2 resumed>) = 0 [pid 5009] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5012] <... unlink resumed>) = 0 [pid 5011] <... umount2 resumed>) = 0 [pid 5010] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = 0 [pid 5008] <... umount2 resumed>) = 0 [pid 5017] exit_group(0 [pid 5012] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... exit_group resumed>) = ? [pid 5010] lstat("./0/file0", [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] +++ exited with 0 +++ [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] lstat("./0/file0", [pid 5008] lstat("./0/file0", [pid 5010] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] restart_syscall(<... resuming interrupted clone ...> [pid 5011] lstat("./0/file0", [pid 5010] <... openat resumed>) = 4 [pid 5009] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5007] <... restart_syscall resumed>) = 0 [pid 5011] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] fstat(4, [pid 5009] <... openat resumed>) = 4 [pid 5008] <... openat resumed>) = 4 [pid 5011] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] fstat(4, [pid 5008] fstat(4, [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] getdents64(4, [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, [pid 5008] getdents64(4, [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... openat resumed>) = 4 [pid 5010] getdents64(4, [pid 5009] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5008] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5007] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] fstat(4, [pid 5010] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5009] getdents64(4, [pid 5008] getdents64(4, [pid 5007] <... openat resumed>) = 3 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] close(4 [pid 5009] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5008] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5007] fstat(3, [pid 5011] getdents64(4, [pid 5010] <... close resumed>) = 0 [pid 5009] close(4 [pid 5008] close(4 [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5010] rmdir("./0/file0" [pid 5009] <... close resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5007] getdents64(3, [pid 5011] getdents64(4, [pid 5010] <... rmdir resumed>) = 0 [pid 5009] rmdir("./0/file0" [pid 5008] rmdir("./0/file0" [pid 5007] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5011] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5010] getdents64(3, [pid 5009] <... rmdir resumed>) = 0 [pid 5008] <... rmdir resumed>) = 0 [pid 5007] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] <... umount2 resumed>) = 0 [pid 5011] close(4 [pid 5010] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5009] getdents64(3, [pid 5008] getdents64(3, [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... close resumed>) = 0 [pid 5010] close(3 [pid 5009] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5008] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5007] lstat("./0/binderfs", [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] rmdir("./0/file0" [pid 5010] <... close resumed>) = 0 [pid 5009] close(3 [pid 5008] close(3 [pid 5007] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5012] lstat("./0/file0", [pid 5011] <... rmdir resumed>) = 0 [pid 5010] rmdir("./0" [pid 5009] <... close resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5007] unlink("./0/binderfs" [pid 5012] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, [pid 5010] <... rmdir resumed>) = 0 [pid 5009] rmdir("./0" [pid 5008] rmdir("./0" [pid 5007] <... unlink resumed>) = 0 [pid 5012] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5010] mkdir("./1", 0777 [pid 5009] <... rmdir resumed>) = 0 [pid 5008] <... rmdir resumed>) = 0 [pid 5007] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] close(3 [pid 5010] <... mkdir resumed>) = 0 [pid 5009] mkdir("./1", 0777 [pid 5008] mkdir("./1", 0777 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... close resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5009] <... mkdir resumed>) = 0 [pid 5008] <... mkdir resumed>) = 0 [pid 5007] lstat("./0/file0", [pid 5012] <... openat resumed>) = 4 [pid 5011] rmdir("./0" [pid 5010] <... openat resumed>) = 3 [pid 5009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5008] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] fstat(4, [pid 5011] <... rmdir resumed>) = 0 [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5009] <... openat resumed>) = 3 [pid 5008] <... openat resumed>) = 3 [pid 5007] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] mkdir("./1", 0777 [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] getdents64(4, [pid 5011] <... mkdir resumed>) = 0 [pid 5010] close(3 [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5007] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5012] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5011] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5010] <... close resumed>) = 0 [pid 5009] close(3 [pid 5007] <... openat resumed>) = 4 [pid 5012] getdents64(4, [pid 5011] <... openat resumed>) = 3 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5009] <... close resumed>) = 0 [pid 5007] fstat(4, [pid 5012] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5011] ioctl(3, LOOP_CLR_FD [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] close(4 [pid 5011] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5010] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5024 [pid 5007] getdents64(4, [pid 5012] <... close resumed>) = 0 [pid 5011] close(3 [pid 5009] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5025 [pid 5007] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5012] rmdir("./0/file0" [pid 5011] <... close resumed>) = 0 [pid 5007] getdents64(4, [pid 5012] <... rmdir resumed>) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5025 attached [pid 5012] getdents64(3, [pid 5007] close(4 [pid 5025] chdir("./1" [pid 5012] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5011] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5026 [pid 5007] <... close resumed>) = 0 [pid 5025] <... chdir resumed>) = 0 [pid 5012] close(3 [pid 5007] rmdir("./0/file0"./strace-static-x86_64: Process 5026 attached ./strace-static-x86_64: Process 5024 attached [pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5012] <... close resumed>) = 0 [pid 5007] <... rmdir resumed>) = 0 [pid 5025] <... prctl resumed>) = 0 [pid 5024] chdir("./1" [pid 5012] rmdir("./0" [pid 5007] getdents64(3, [pid 5026] chdir("./1" [pid 5025] setpgid(0, 0 [pid 5024] <... chdir resumed>) = 0 [pid 5012] <... rmdir resumed>) = 0 [pid 5008] <... ioctl resumed>) = 0 [pid 5007] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5026] <... chdir resumed>) = 0 [pid 5025] <... setpgid resumed>) = 0 [pid 5024] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5012] mkdir("./1", 0777 [pid 5008] close(3 [pid 5007] close(3 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5024] <... prctl resumed>) = 0 [pid 5012] <... mkdir resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5007] <... close resumed>) = 0 [pid 5026] <... prctl resumed>) = 0 [pid 5025] <... openat resumed>) = 3 [pid 5024] setpgid(0, 0 [pid 5012] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] rmdir("./0" [pid 5026] setpgid(0, 0 [pid 5025] write(3, "1000", 4 [pid 5024] <... setpgid resumed>) = 0 [pid 5012] <... openat resumed>) = 3 [pid 5007] <... rmdir resumed>) = 0 [pid 5026] <... setpgid resumed>) = 0 [pid 5025] <... write resumed>) = 4 [pid 5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5012] ioctl(3, LOOP_CLR_FD [pid 5008] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5027 [pid 5007] mkdir("./1", 0777 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5025] close(3 [pid 5024] <... openat resumed>) = 3 [pid 5012] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5007] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5027 attached [pid 5026] <... openat resumed>) = 3 [pid 5025] <... close resumed>) = 0 [pid 5024] write(3, "1000", 4 [pid 5012] close(3 [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5027] chdir("./1" [pid 5026] write(3, "1000", 4 [pid 5025] symlink("/dev/binderfs", "./binderfs" [pid 5024] <... write resumed>) = 4 [pid 5012] <... close resumed>) = 0 [pid 5007] <... openat resumed>) = 3 [pid 5027] <... chdir resumed>) = 0 [pid 5026] <... write resumed>) = 4 [pid 5025] <... symlink resumed>) = 0 [pid 5024] close(3 [pid 5012] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] ioctl(3, LOOP_CLR_FD [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5026] close(3 [pid 5025] memfd_create("syzkaller", 0 [pid 5024] <... close resumed>) = 0 [pid 5007] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] <... prctl resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5025] <... memfd_create resumed>) = 3 [pid 5024] symlink("/dev/binderfs", "./binderfs" [pid 5012] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5029 [pid 5007] close(3 [pid 5027] setpgid(0, 0 [pid 5026] symlink("/dev/binderfs", "./binderfs" [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5024] <... symlink resumed>) = 0 [pid 5007] <... close resumed>) = 0 [pid 5027] <... setpgid resumed>) = 0 [pid 5026] <... symlink resumed>) = 0 [pid 5025] <... mmap resumed>) = 0x7f81653df000 [pid 5024] memfd_create("syzkaller", 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] memfd_create("syzkaller", 0 [pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5024] <... memfd_create resumed>) = 3 [pid 5029] chdir("./1" [pid 5027] <... openat resumed>) = 3 [pid 5026] <... memfd_create resumed>) = 3 [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5007] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5030 [pid 5029] <... chdir resumed>) = 0 [pid 5027] write(3, "1000", 4 [pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5024] <... mmap resumed>) = 0x7f81653df000 ./strace-static-x86_64: Process 5030 attached [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] <... write resumed>) = 4 [pid 5026] <... mmap resumed>) = 0x7f81653df000 [pid 5030] chdir("./1" [pid 5029] <... prctl resumed>) = 0 [pid 5027] close(3 [pid 5030] <... chdir resumed>) = 0 [pid 5029] setpgid(0, 0 [pid 5027] <... close resumed>) = 0 [pid 5025] <... write resumed>) = 524288 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5029] <... setpgid resumed>) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs" [pid 5025] munmap(0x7f81653df000, 524288 [pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5030] <... prctl resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5027] <... symlink resumed>) = 0 [pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5025] <... munmap resumed>) = 0 [pid 5030] setpgid(0, 0 [pid 5029] <... openat resumed>) = 3 [pid 5027] memfd_create("syzkaller", 0 [pid 5025] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5030] <... setpgid resumed>) = 0 [pid 5029] write(3, "1000", 4 [pid 5027] <... memfd_create resumed>) = 3 [pid 5025] <... openat resumed>) = 4 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5029] <... write resumed>) = 4 [pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5025] ioctl(4, LOOP_SET_FD, 3 [pid 5030] <... openat resumed>) = 3 [pid 5029] close(3 [pid 5027] <... mmap resumed>) = 0x7f81653df000 [pid 5026] <... write resumed>) = 524288 [pid 5030] write(3, "1000", 4 [pid 5029] <... close resumed>) = 0 [pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5030] <... write resumed>) = 4 [pid 5029] symlink("/dev/binderfs", "./binderfs" [pid 5024] <... write resumed>) = 524288 [pid 5030] close(3 [pid 5029] <... symlink resumed>) = 0 [pid 5026] munmap(0x7f81653df000, 524288 [pid 5030] <... close resumed>) = 0 [pid 5029] memfd_create("syzkaller", 0 [pid 5030] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... memfd_create resumed>) = 3 [pid 5026] <... munmap resumed>) = 0 [pid 5024] munmap(0x7f81653df000, 524288 [pid 5030] <... symlink resumed>) = 0 [pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5026] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5030] memfd_create("syzkaller", 0 [pid 5029] <... mmap resumed>) = 0x7f81653df000 [pid 5027] <... write resumed>) = 524288 [pid 5026] <... openat resumed>) = 4 [pid 5025] <... ioctl resumed>) = 0 [pid 5024] <... munmap resumed>) = 0 [pid 5030] <... memfd_create resumed>) = 3 [ 80.197352][ T5025] loop2: detected capacity change from 0 to 1024 [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5027] munmap(0x7f81653df000, 524288 [pid 5026] ioctl(4, LOOP_SET_FD, 3 [pid 5025] close(3 [pid 5024] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5027] <... munmap resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5030] <... mmap resumed>) = 0x7f81653df000 [pid 5027] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5025] mkdir("./file0", 0777 [pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5029] <... write resumed>) = 524288 [pid 5027] <... openat resumed>) = 4 [pid 5026] <... ioctl resumed>) = 0 [pid 5025] <... mkdir resumed>) = 0 [pid 5024] <... openat resumed>) = 4 [pid 5030] <... write resumed>) = 524288 [pid 5027] ioctl(4, LOOP_SET_FD, 3 [pid 5026] close(3 [pid 5025] mount("/dev/loop2", "./file0", "hfsplus", 0, "" [pid 5024] ioctl(4, LOOP_SET_FD, 3 [pid 5029] munmap(0x7f81653df000, 524288 [pid 5027] <... ioctl resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5029] <... munmap resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 80.245016][ T5026] loop4: detected capacity change from 0 to 1024 [ 80.275066][ T5027] loop1: detected capacity change from 0 to 1024 [ 80.284322][ T5024] loop3: detected capacity change from 0 to 1024 [pid 5030] munmap(0x7f81653df000, 524288 [pid 5029] ioctl(4, LOOP_SET_FD, 3 [pid 5030] <... munmap resumed>) = 0 [pid 5026] mkdir("./file0", 0777 [pid 5025] <... mount resumed>) = 0 [pid 5024] <... ioctl resumed>) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5026] <... mkdir resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5024] close(3 [pid 5030] <... openat resumed>) = 4 [pid 5026] mount("/dev/loop4", "./file0", "hfsplus", 0, "" [pid 5025] <... openat resumed>) = 3 [pid 5024] <... close resumed>) = 0 [pid 5030] ioctl(4, LOOP_SET_FD, 3 [pid 5027] close(3 [pid 5025] chdir("./file0" [pid 5027] <... close resumed>) = 0 [pid 5026] <... mount resumed>) = 0 [pid 5025] <... chdir resumed>) = 0 [pid 5024] mkdir("./file0", 0777 [pid 5027] mkdir("./file0", 0777 [pid 5026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5025] ioctl(4, LOOP_CLR_FD [pid 5027] <... mkdir resumed>) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5025] <... ioctl resumed>) = 0 [pid 5024] <... mkdir resumed>) = 0 [pid 5027] mount("/dev/loop1", "./file0", "hfsplus", 0, "" [pid 5026] chdir("./file0" [pid 5025] close(4 [pid 5024] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 5026] <... chdir resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5029] <... ioctl resumed>) = 0 [pid 5025] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5029] close(3) = 0 [pid 5029] mkdir("./file0", 0777) = 0 [pid 5030] <... ioctl resumed>) = 0 [pid 5029] mount("/dev/loop5", "./file0", "hfsplus", 0, "" [pid 5027] <... mount resumed>) = 0 [pid 5026] ioctl(4, LOOP_CLR_FD [pid 5024] <... mount resumed>) = 0 [pid 5030] close(3 [pid 5027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5026] <... ioctl resumed>) = 0 [pid 5024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5030] <... close resumed>) = 0 [pid 5027] <... openat resumed>) = 3 [pid 5026] close(4 [pid 5024] <... openat resumed>) = 3 [pid 5030] mkdir("./file0", 0777 [pid 5029] <... mount resumed>) = 0 [pid 5027] chdir("./file0" [pid 5026] <... close resumed>) = 0 [pid 5024] chdir("./file0" [pid 5030] <... mkdir resumed>) = 0 [pid 5029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5027] <... chdir resumed>) = 0 [ 80.290303][ T5029] loop5: detected capacity change from 0 to 1024 [ 80.309912][ T5030] loop0: detected capacity change from 0 to 1024 [pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5024] <... chdir resumed>) = 0 [pid 5030] mount("/dev/loop0", "./file0", "hfsplus", 0, "" [pid 5029] <... openat resumed>) = 3 [pid 5027] ioctl(4, LOOP_CLR_FD [pid 5026] <... openat resumed>) = 4 [pid 5024] ioctl(4, LOOP_CLR_FD [pid 5029] chdir("./file0" [pid 5027] <... ioctl resumed>) = 0 [pid 5026] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5024] <... ioctl resumed>) = 0 [pid 5029] <... chdir resumed>) = 0 [pid 5027] close(4 [pid 5024] close(4 [pid 5029] ioctl(4, LOOP_CLR_FD [pid 5027] <... close resumed>) = 0 [pid 5024] <... close resumed>) = 0 [pid 5029] <... ioctl resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5029] close(4 [pid 5027] <... openat resumed>) = 4 [pid 5024] <... openat resumed>) = 4 [pid 5029] <... close resumed>) = 0 [pid 5027] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5024] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [ 80.384611][ T5030] ================================================================== [ 80.392741][ T5030] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0xf62/0x1020 [ 80.401064][ T5030] Read of size 2 at addr ffff88801566f800 by task syz-executor154/5030 [ 80.409350][ T5030] [ 80.411707][ T5030] CPU: 0 PID: 5030 Comm: syz-executor154 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0 [ 80.421639][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 80.431759][ T5030] Call Trace: [pid 5029] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048) = 0 [pid 5027] <... ioctl resumed>) = 0 [pid 5026] <... ioctl resumed>) = 0 [pid 5025] <... ioctl resumed>) = 0 [pid 5024] <... ioctl resumed>) = 0 [pid 5029] exit_group(0 [pid 5027] exit_group(0 [pid 5026] exit_group(0 [pid 5024] exit_group(0 [pid 5029] <... exit_group resumed>) = ? [pid 5027] <... exit_group resumed>) = ? [pid 5026] <... exit_group resumed>) = ? [pid 5024] <... exit_group resumed>) = ? [pid 5029] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ [pid 5024] +++ exited with 0 +++ [pid 5025] exit_group(0 [pid 5012] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5024, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5025] <... exit_group resumed>) = ? [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5025] +++ exited with 0 +++ [pid 5008] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5025, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5012] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... openat resumed>) = 3 [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] fstat(3, [pid 5012] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] <... openat resumed>) = 3 [pid 5011] <... openat resumed>) = 3 [pid 5010] <... openat resumed>) = 3 [pid 5009] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] getdents64(3, [pid 5012] fstat(3, [pid 5011] fstat(3, [pid 5010] fstat(3, [pid 5009] <... openat resumed>) = 3 [pid 5008] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5012] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] fstat(3, [pid 5008] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] getdents64(3, [pid 5011] getdents64(3, [pid 5010] getdents64(3, [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5011] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5010] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5009] getdents64(3, [pid 5008] lstat("./1/binderfs", [pid 5012] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... getdents64 resumed>0x555556ead620 /* 4 entries */, 32768) = 112 [pid 5008] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] unlink("./1/binderfs" [pid 5012] lstat("./1/binderfs", [pid 5011] lstat("./1/binderfs", [pid 5010] lstat("./1/binderfs", [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... unlink resumed>) = 0 [pid 5012] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] lstat("./1/binderfs", [pid 5008] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] unlink("./1/binderfs" [pid 5011] unlink("./1/binderfs" [pid 5010] unlink("./1/binderfs" [pid 5009] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5012] <... unlink resumed>) = 0 [pid 5011] <... unlink resumed>) = 0 [pid 5010] <... unlink resumed>) = 0 [pid 5009] unlink("./1/binderfs" [pid 5012] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... unlink resumed>) = 0 [ 80.435069][ T5030] [ 80.438027][ T5030] dump_stack_lvl+0xd9/0x150 [ 80.442697][ T5030] print_address_description.constprop.0+0x2c/0x3c0 [ 80.449338][ T5030] ? hfsplus_read_wrapper+0xf62/0x1020 [ 80.454870][ T5030] kasan_report+0x11c/0x130 [ 80.459434][ T5030] ? hfsplus_read_wrapper+0xf62/0x1020 [ 80.464965][ T5030] hfsplus_read_wrapper+0xf62/0x1020 [ 80.470408][ T5030] ? lock_downgrade+0x690/0x690 [ 80.475323][ T5030] ? hfsplus_submit_bio+0x2b0/0x2b0 [ 80.480578][ T5030] ? spin_bug+0x1c0/0x1c0 [ 80.484970][ T5030] ? lock_acquire+0x32/0xc0 [ 80.489510][ T5030] ? find_nls+0x1c/0x160 [ 80.493786][ T5030] ? do_raw_spin_unlock+0x175/0x230 [ 80.499025][ T5030] ? _raw_spin_unlock+0x28/0x40 [ 80.504261][ T5030] ? find_nls+0x121/0x160 [ 80.508627][ T5030] hfsplus_fill_super+0x312/0x1c40 [ 80.513782][ T5030] ? ip6_addr_string_sa+0x830/0x830 [ 80.519013][ T5030] ? hfsplus_iget+0x7c0/0x7c0 [ 80.523755][ T5030] ? bdev_name.constprop.0+0x270/0x4d0 [ 80.529244][ T5030] ? fourcc_string+0x770/0x770 [ 80.534040][ T5030] ? pointer+0x173/0xc50 [ 80.538305][ T5030] ? restricted_pointer+0x41f/0x6d0 [ 80.543536][ T5030] ? resource_string.isra.0+0x16c0/0x16c0 [ 80.549293][ T5030] ? vsnprintf+0x4df/0x1710 [ 80.553825][ T5030] ? pointer+0xc50/0xc50 [ 80.558110][ T5030] ? snprintf+0xbf/0x100 [ 80.562377][ T5030] ? vsprintf+0x30/0x30 [ 80.566648][ T5030] ? wait_for_completion_io_timeout+0x20/0x20 [ 80.572745][ T5030] ? set_blocksize+0x2d8/0x370 [ 80.577569][ T5030] mount_bdev+0x357/0x420 [ 80.581947][ T5030] ? hfsplus_iget+0x7c0/0x7c0 [ 80.586748][ T5030] ? zisofs_cleanup+0x20/0x20 [ 80.591554][ T5030] legacy_get_tree+0x109/0x220 [ 80.596365][ T5030] vfs_get_tree+0x8d/0x350 [ 80.600818][ T5030] path_mount+0x134b/0x1e40 [ 80.605372][ T5030] ? kmem_cache_free+0xe9/0x480 [ 80.610265][ T5030] ? finish_automount+0x9b0/0x9b0 [ 80.615327][ T5030] ? putname+0x102/0x140 [ 80.619602][ T5030] __x64_sys_mount+0x283/0x300 [ 80.624398][ T5030] ? copy_mnt_ns+0xb30/0xb30 [ 80.629021][ T5030] ? lockdep_hardirqs_on+0x7d/0x100 [ 80.634265][ T5030] ? _raw_spin_unlock_irq+0x2e/0x50 [ 80.639494][ T5030] ? ptrace_notify+0xfe/0x140 [ 80.644239][ T5030] do_syscall_64+0x39/0xb0 [ 80.648696][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.654643][ T5030] RIP: 0033:0x7f816d82df0a [ 80.659074][ T5030] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 80.678701][ T5030] RSP: 002b:00007ffd9592d6f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 80.687134][ T5030] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f816d82df0a [ 80.695145][ T5030] RDX: 0000000020000500 RSI: 0000000020000080 RDI: 00007ffd9592d710 [ 80.703133][ T5030] RBP: 00007ffd9592d710 R08: 00007ffd9592d750 R09: 0000000000000614 [ 80.711303][ T5030] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 80.719375][ T5030] R13: 0000555556eac2c0 R14: 0000000000000000 R15: 00007ffd9592d750 [ 80.727371][ T5030] [ 80.730400][ T5030] [ 80.732736][ T5030] The buggy address belongs to the object at ffff88801566f800 [ 80.732736][ T5030] which belongs to the cache kmalloc-512 of size 512 [ 80.746865][ T5030] The buggy address is located 0 bytes inside of [ 80.746865][ T5030] freed 512-byte region [ffff88801566f800, ffff88801566fa00) [ 80.760507][ T5030] [ 80.762834][ T5030] The buggy address belongs to the physical page: [ 80.769254][ T5030] page:ffffea0000559b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1566c [ 80.779424][ T5030] head:ffffea0000559b00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 80.788368][ T5030] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 80.796364][ T5030] page_type: 0xffffffff() [ 80.800711][ T5030] raw: 00fff00000010200 ffff888012441c80 dead000000000100 dead000000000122 [ 80.809313][ T5030] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 80.817908][ T5030] page dumped because: kasan: bad access detected [ 80.824934][ T5030] page_owner tracks the page as allocated [ 80.830651][ T5030] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1778430890, free_ts 0 [ 80.847259][ T5030] post_alloc_hook+0x2db/0x350 [ 80.852061][ T5030] get_page_from_freelist+0xf7c/0x2aa0 [ 80.857558][ T5030] __alloc_pages+0x1cb/0x4a0 [ 80.862178][ T5030] alloc_page_interleave+0x1e/0x200 [ 80.867413][ T5030] alloc_pages+0x233/0x270 [ 80.871887][ T5030] allocate_slab+0x28e/0x380 [ 80.876523][ T5030] ___slab_alloc+0xa91/0x1400 [ 80.881234][ T5030] __slab_alloc.constprop.0+0x56/0xa0 [ 80.886641][ T5030] __kmem_cache_alloc_node+0x136/0x320 [ 80.892131][ T5030] kmalloc_trace+0x26/0xe0 [ 80.896568][ T5030] devcgroup_css_alloc+0x41/0x120 [ 80.901631][ T5030] cgroup_init_subsys+0x1bd/0x900 [ 80.906688][ T5030] cgroup_init+0xb83/0x1090 [ 80.911339][ T5030] start_kernel+0x398/0x490 [ 80.916165][ T5030] x86_64_start_reservations+0x18/0x30 [ 80.921657][ T5030] x86_64_start_kernel+0xb3/0xc0 [ 80.926624][ T5030] page_owner free stack trace missing [ 80.932185][ T5030] [ 80.934518][ T5030] Memory state around the buggy address: [ 80.940154][ T5030] ffff88801566f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.948244][ T5030] ffff88801566f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.956332][ T5030] >ffff88801566f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.964428][ T5030] ^ [ 80.968507][ T5030] ffff88801566f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.976595][ T5030] ffff88801566f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5009] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... umount2 resumed>) = 0 [pid 5010] <... umount2 resumed>) = 0 [pid 5011] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./1/file0", [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... openat resumed>) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./1/file0" [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... rmdir resumed>) = 0 [pid 5010] <... openat resumed>) = 4 [pid 5011] getdents64(3, 0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5012] <... umount2 resumed>) = 0 [pid 5011] close(3 [pid 5010] fstat(4, [pid 5009] <... umount2 resumed>) = 0 [pid 5008] <... umount2 resumed>) = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] getdents64(4, [pid 5011] <... close resumed>) = 0 [pid 5011] rmdir("./1" [pid 5010] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5011] <... rmdir resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] mkdir("./2", 0777 [pid 5009] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... mkdir resumed>) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5009] lstat("./1/file0", [pid 5012] lstat("./1/file0", [pid 5011] <... openat resumed>) = 3 [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] ioctl(3, LOOP_CLR_FD [pid 5009] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... ioctl resumed>) = 0 [pid 5012] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] close(3 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... close resumed>) = 0 [pid 5009] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5012] <... openat resumed>) = 4 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5009] <... openat resumed>) = 4 [pid 5012] fstat(4, [pid 5009] fstat(4, [pid 5012] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5031 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] getdents64(4, [pid 5009] getdents64(4, [pid 5012] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5009] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5012] getdents64(4, [pid 5010] getdents64(4, [pid 5009] getdents64(4, [pid 5008] lstat("./1/file0", [pid 5012] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5010] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5009] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5012] close(4 [pid 5010] close(4 [pid 5009] close(4 [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] <... close resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5008] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5012] rmdir("./1/file0" [pid 5010] rmdir("./1/file0" [pid 5009] rmdir("./1/file0" [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5012] <... rmdir resumed>) = 0 [pid 5009] <... rmdir resumed>) = 0 [pid 5012] getdents64(3, [pid 5009] getdents64(3, [pid 5012] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 5009] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5008] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5012] close(3 [pid 5010] getdents64(3, [pid 5009] close(3 [pid 5012] <... close resumed>) = 0 [ 80.984767][ T5030] ================================================================== [pid 5010] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5009] <... close resumed>) = 0 [pid 5008] <... openat resumed>) = 4 [pid 5012] rmdir("./1" [pid 5010] close(3 [pid 5009] rmdir("./1" [pid 5008] fstat(4, [pid 5012] <... rmdir resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 5009] <... rmdir resumed>) = 0 [pid 5012] mkdir("./2", 0777 [pid 5010] rmdir("./1" [pid 5009] mkdir("./2", 0777 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5012] <... mkdir resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 5009] <... mkdir resumed>) = 0 [pid 5008] getdents64(4, [pid 5012] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5010] mkdir("./2", 0777 [pid 5009] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5008] <... getdents64 resumed>0x555556eb5660 /* 2 entries */, 32768) = 48 [pid 5012] <... openat resumed>) = 3 [pid 5009] <... openat resumed>) = 3 [pid 5012] ioctl(3, LOOP_CLR_FD [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5012] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5010] <... mkdir resumed>) = 0 [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5008] getdents64(4, [pid 5012] close(3 [pid 5010] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5009] close(3 [pid 5008] <... getdents64 resumed>0x555556eb5660 /* 0 entries */, 32768) = 0 [pid 5012] <... close resumed>) = 0 [pid 5010] <... openat resumed>) = 3 [pid 5009] <... close resumed>) = 0 [pid 5008] close(4 [pid 5012] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5031 attached [pid 5010] <... ioctl resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5012] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5032 [pid 5010] close(3 [pid 5009] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5033 [pid 5008] rmdir("./1/file0" [pid 5010] <... close resumed>) = 0 ./strace-static-x86_64: Process 5033 attached ./strace-static-x86_64: Process 5032 attached [pid 5033] chdir("./2" [pid 5032] chdir("./2" [pid 5033] <... chdir resumed>) = 0 [pid 5032] <... chdir resumed>) = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5033] <... prctl resumed>) = 0 [pid 5032] <... prctl resumed>) = 0 [pid 5033] setpgid(0, 0 [pid 5032] setpgid(0, 0 [pid 5033] <... setpgid resumed>) = 0 [pid 5032] <... setpgid resumed>) = 0 [pid 5031] chdir("./2" [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] <... rmdir resumed>) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5031] <... chdir resumed>) = 0 [pid 5033] <... openat resumed>) = 3 [pid 5032] <... openat resumed>) = 3 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5008] getdents64(3, [pid 5033] write(3, "1000", 4 [pid 5032] write(3, "1000", 4 [pid 5010] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5034 [pid 5033] <... write resumed>) = 4 [pid 5032] <... write resumed>) = 4 [pid 5008] <... getdents64 resumed>0x555556ead620 /* 0 entries */, 32768) = 0 [pid 5033] close(3 [pid 5032] close(3 [ 81.091277][ T5030] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 81.098559][ T5030] CPU: 0 PID: 5030 Comm: syz-executor154 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0 [ 81.108493][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 81.118586][ T5030] Call Trace: [ 81.121927][ T5030] [ 81.124892][ T5030] dump_stack_lvl+0xd9/0x150 [ 81.129631][ T5030] panic+0x686/0x730 [ 81.133590][ T5030] ? panic_smp_self_stop+0xa0/0xa0 [ 81.138766][ T5030] ? preempt_schedule_thunk+0x1a/0x20 [ 81.144209][ T5030] ? preempt_schedule_common+0x45/0xb0 [ 81.149725][ T5030] check_panic_on_warn+0xb1/0xc0 [ 81.154730][ T5030] end_report+0xe9/0x120 [ 81.159024][ T5030] ? hfsplus_read_wrapper+0xf62/0x1020 [ 81.164541][ T5030] kasan_report+0xf9/0x130 [ 81.169012][ T5030] ? hfsplus_read_wrapper+0xf62/0x1020 [ 81.174547][ T5030] hfsplus_read_wrapper+0xf62/0x1020 [ 81.179896][ T5030] ? lock_downgrade+0x690/0x690 [ 81.184837][ T5030] ? hfsplus_submit_bio+0x2b0/0x2b0 [pid 5008] close(3 [pid 5033] <... close resumed>) = 0 [pid 5032] <... close resumed>) = 0 [pid 5031] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5034 attached [pid 5008] <... close resumed>) = 0 [pid 5034] chdir("./2" [pid 5031] setpgid(0, 0 [pid 5008] rmdir("./1" [pid 5034] <... chdir resumed>) = 0 [pid 5031] <... setpgid resumed>) = 0 [pid 5008] <... rmdir resumed>) = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5008] mkdir("./2", 0777 [pid 5034] <... prctl resumed>) = 0 [pid 5031] <... openat resumed>) = 3 [pid 5008] <... mkdir resumed>) = 0 [ 81.190097][ T5030] ? spin_bug+0x1c0/0x1c0 [ 81.194508][ T5030] ? lock_acquire+0x32/0xc0 [ 81.199147][ T5030] ? find_nls+0x1c/0x160 [ 81.203460][ T5030] ? do_raw_spin_unlock+0x175/0x230 [ 81.208739][ T5030] ? _raw_spin_unlock+0x28/0x40 [ 81.213653][ T5030] ? find_nls+0x121/0x160 [ 81.218049][ T5030] hfsplus_fill_super+0x312/0x1c40 [ 81.223239][ T5030] ? ip6_addr_string_sa+0x830/0x830 [ 81.228503][ T5030] ? hfsplus_iget+0x7c0/0x7c0 [ 81.233250][ T5030] ? bdev_name.constprop.0+0x270/0x4d0 [pid 5034] setpgid(0, 0 [pid 5031] write(3, "1000", 4 [pid 5034] <... setpgid resumed>) = 0 [pid 5031] <... write resumed>) = 4 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5031] close(3 [pid 5008] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5034] <... openat resumed>) = 3 [pid 5031] <... close resumed>) = 0 [pid 5008] <... openat resumed>) = 3 [pid 5034] write(3, "1000", 4 [pid 5031] symlink("/dev/binderfs", "./binderfs" [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5034] <... write resumed>) = 4 [pid 5031] <... symlink resumed>) = 0 [pid 5034] close(3 [pid 5031] memfd_create("syzkaller", 0 [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5034] <... close resumed>) = 0 [pid 5031] <... memfd_create resumed>) = 3 [pid 5034] symlink("/dev/binderfs", "./binderfs" [pid 5031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] close(3 [pid 5034] <... symlink resumed>) = 0 [pid 5031] <... mmap resumed>) = 0x7f81653df000 [pid 5034] memfd_create("syzkaller", 0 [pid 5031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5008] <... close resumed>) = 0 [pid 5034] <... memfd_create resumed>) = 3 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81653df000 [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5008] <... clone resumed>, child_tidptr=0x555556eac5d0) = 5035 [ 81.238772][ T5030] ? fourcc_string+0x770/0x770 [ 81.243605][ T5030] ? pointer+0x173/0xc50 [ 81.247910][ T5030] ? restricted_pointer+0x41f/0x6d0 [ 81.253193][ T5030] ? resource_string.isra.0+0x16c0/0x16c0 [ 81.258989][ T5030] ? vsnprintf+0x4df/0x1710 [ 81.263560][ T5030] ? pointer+0xc50/0xc50 [ 81.267866][ T5030] ? snprintf+0xbf/0x100 [ 81.272182][ T5030] ? vsprintf+0x30/0x30 [ 81.276453][ T5030] ? wait_for_completion_io_timeout+0x20/0x20 [ 81.282599][ T5030] ? set_blocksize+0x2d8/0x370 [ 81.287433][ T5030] mount_bdev+0x357/0x420 [pid 5031] <... write resumed>) = 524288 [pid 5031] munmap(0x7f81653df000, 524288 [pid 5034] <... write resumed>) = 524288 [pid 5031] <... munmap resumed>) = 0 [pid 5034] munmap(0x7f81653df000, 524288 [pid 5031] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5031] ioctl(4, LOOP_SET_FD, 3 [pid 5034] <... munmap resumed>) = 0 [pid 5031] <... ioctl resumed>) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5031] close(3 [pid 5034] <... openat resumed>) = 4 [pid 5031] <... close resumed>) = 0 [pid 5034] ioctl(4, LOOP_SET_FD, 3 [pid 5031] mkdir("./file0", 0777 [pid 5034] <... ioctl resumed>) = 0 [pid 5031] <... mkdir resumed>) = 0 [pid 5034] close(3 [pid 5031] mount("/dev/loop4", "./file0", "hfsplus", 0, "" [pid 5034] <... close resumed>) = 0 [pid 5034] mkdir("./file0", 0777) = 0 [ 81.291837][ T5030] ? hfsplus_iget+0x7c0/0x7c0 [ 81.296598][ T5030] ? zisofs_cleanup+0x20/0x20 [ 81.301347][ T5030] legacy_get_tree+0x109/0x220 [ 81.306189][ T5030] vfs_get_tree+0x8d/0x350 [ 81.310682][ T5030] path_mount+0x134b/0x1e40 [ 81.315268][ T5030] ? kmem_cache_free+0xe9/0x480 [ 81.320225][ T5030] ? finish_automount+0x9b0/0x9b0 [ 81.321580][ T5031] loop4: detected capacity change from 0 to 1024 [ 81.328168][ T5034] loop3: detected capacity change from 0 to 1024 [ 81.338048][ T5030] ? putname+0x102/0x140 [pid 5034] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 5033] symlink("/dev/binderfs", "./binderfs" [pid 5032] symlink("/dev/binderfs", "./binderfs" [pid 5033] <... symlink resumed>) = 0 [pid 5032] <... symlink resumed>) = 0 [pid 5031] <... mount resumed>) = 0 [pid 5033] memfd_create("syzkaller", 0 [pid 5032] memfd_create("syzkaller", 0 [pid 5031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5034] <... mount resumed>) = 0 [pid 5033] <... memfd_create resumed>) = 3 [pid 5032] <... memfd_create resumed>) = 3 [pid 5031] <... openat resumed>) = 3 [pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5031] chdir("./file0" [pid 5034] <... openat resumed>) = 3 [pid 5033] <... mmap resumed>) = 0x7f81653df000 [pid 5032] <... mmap resumed>) = 0x7f81653df000 [pid 5031] <... chdir resumed>) = 0 [pid 5034] chdir("./file0" [pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5031] ioctl(4, LOOP_CLR_FD [pid 5034] <... chdir resumed>) = 0 [pid 5033] <... write resumed>) = 524288 [pid 5032] <... write resumed>) = 524288 [pid 5031] <... ioctl resumed>) = 0 [ 81.342364][ T5030] __x64_sys_mount+0x283/0x300 [ 81.347204][ T5030] ? copy_mnt_ns+0xb30/0xb30 [ 81.351862][ T5030] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.357203][ T5030] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.362471][ T5030] ? ptrace_notify+0xfe/0x140 [ 81.367220][ T5030] do_syscall_64+0x39/0xb0 [ 81.371712][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.377690][ T5030] RIP: 0033:0x7f816d82df0a [pid 5034] ioctl(4, LOOP_CLR_FD [pid 5031] close(4 [pid 5034] <... ioctl resumed>) = 0 [pid 5031] <... close resumed>) = 0 [pid 5034] close(4 [pid 5031] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5034] <... close resumed>) = 0 [pid 5031] <... openat resumed>) = 4 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5033] munmap(0x7f81653df000, 524288 [pid 5032] munmap(0x7f81653df000, 524288 [pid 5031] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5034] <... openat resumed>) = 4 [pid 5033] <... munmap resumed>) = 0 [pid 5032] <... munmap resumed>) = 0 [pid 5031] <... ioctl resumed>) = 0 [pid 5034] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 5033] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5032] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5031] exit_group(0 [pid 5034] <... ioctl resumed>) = 0 [ 81.382153][ T5030] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 81.401945][ T5030] RSP: 002b:00007ffd9592d6f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 81.410410][ T5030] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f816d82df0a [ 81.418426][ T5030] RDX: 0000000020000500 RSI: 0000000020000080 RDI: 00007ffd9592d710 [ 81.426439][ T5030] RBP: 00007ffd9592d710 R08: 00007ffd9592d750 R09: 0000000000000614 [ 81.434458][ T5030] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [pid 5033] <... openat resumed>) = 4 [pid 5032] <... openat resumed>) = 4 [pid 5031] <... exit_group resumed>) = ? [pid 5034] exit_group(0 [pid 5033] ioctl(4, LOOP_SET_FD, 3 [pid 5032] ioctl(4, LOOP_SET_FD, 3 [pid 5031] +++ exited with 0 +++ [pid 5034] <... exit_group resumed>) = ? [pid 5033] <... ioctl resumed>) = 0 [pid 5032] <... ioctl resumed>) = 0 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5034] +++ exited with 0 +++ [pid 5033] close(3 [pid 5032] close(3 [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 5033] <... close resumed>) = 0 [pid 5032] <... close resumed>) = 0 [pid 5011] <... restart_syscall resumed>) = 0 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5033] mkdir("./file0", 0777 [pid 5032] mkdir("./file0", 0777 [pid 5010] restart_syscall(<... resuming interrupted clone ...> [pid 5033] <... mkdir resumed>) = 0 [pid 5032] <... mkdir resumed>) = 0 [pid 5010] <... restart_syscall resumed>) = 0 [ 81.442594][ T5030] R13: 0000555556eac2c0 R14: 0000000000000000 R15: 00007ffd9592d750 [ 81.446332][ T5032] loop5: detected capacity change from 0 to 1024 [ 81.446583][ T5033] loop2: detected capacity change from 0 to 1024 [ 81.463287][ T5030] [ 81.466560][ T5030] Kernel Offset: disabled [ 81.470913][ T5030] Rebooting in 86400 seconds..