./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1854413664 <...> ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6402] chdir(".") = 0 [pid 6402] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = 0 [pid 6400] exit_group(0) = ? [pid 6402] <... futex resumed>) = ? [pid 6402] +++ exited with 0 +++ [pid 6401] <... futex resumed>) = ? [pid 6401] +++ exited with 0 +++ [pid 6400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6400, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./464/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./464/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 124.500947][ T6401] loop0: detected capacity change from 0 to 1024 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./464/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6403 ./strace-static-x86_64: Process 6403 attached [pid 6403] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6403] chdir("./465") = 0 [pid 6403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6403] setpgid(0, 0) = 0 [pid 6403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6403] write(3, "1000", 4) = 4 [pid 6403] close(3) = 0 [pid 6403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6403] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6403] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6404], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6404 [pid 6403] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6404 attached [pid 6404] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6404] memfd_create("syzkaller", 0) = 3 [pid 6404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6404] munmap(0x7f5464ee2000, 524288) = 0 [pid 6404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6404] close(3) = 0 [pid 6404] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6404] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6404] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6404] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6404] ioctl(4, LOOP_CLR_FD) = 0 [pid 6404] close(4) = 0 [pid 6404] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = 0 [pid 6404] <... futex resumed>) = 1 [pid 6403] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6403] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6403] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6405], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6405 [pid 6403] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6404] <... mknodat resumed>) = 0 [pid 6404] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6405 attached [pid 6405] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6405] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6405] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6405] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6405] chdir(".") = 0 [pid 6405] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6405] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] exit_group(0 [pid 6405] <... futex resumed>) = ? [pid 6404] <... futex resumed>) = ? [pid 6403] <... exit_group resumed>) = ? [pid 6405] +++ exited with 0 +++ [pid 6404] +++ exited with 0 +++ [pid 6403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6403, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 124.603745][ T6404] loop0: detected capacity change from 0 to 1024 umount2("./465/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./465/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./465/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6406 ./strace-static-x86_64: Process 6406 attached [pid 6406] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6406] chdir("./466") = 0 [pid 6406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6406] setpgid(0, 0) = 0 [pid 6406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6406] write(3, "1000", 4) = 4 [pid 6406] close(3) = 0 [pid 6406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6406] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6406] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6407 attached , parent_tid=[6407], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6407 [pid 6407] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6407] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6407] <... futex resumed>) = 0 [pid 6406] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6407] memfd_create("syzkaller", 0) = 3 [pid 6407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6407] munmap(0x7f5464ee2000, 524288) = 0 [pid 6407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6407] close(3) = 0 [pid 6407] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6407] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6407] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6407] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6407] ioctl(4, LOOP_CLR_FD) = 0 [pid 6407] close(4) = 0 [pid 6407] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6406] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6408], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6408 [pid 6406] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6407] <... futex resumed>) = 1 [pid 6407] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6408 attached [pid 6408] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6408] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6408] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6407] <... mknodat resumed>) = 0 [pid 6407] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] <... mount resumed>) = 0 [pid 6408] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6408] chdir(".") = 0 [pid 6408] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6406] exit_group(0) = ? [pid 6407] <... futex resumed>) = ? [pid 6408] <... futex resumed>) = ? [pid 6408] +++ exited with 0 +++ [pid 6407] +++ exited with 0 +++ [pid 6406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6406, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.715281][ T6407] loop0: detected capacity change from 0 to 1024 lstat("./466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./466/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6409 ./strace-static-x86_64: Process 6409 attached [pid 6409] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6409] chdir("./467") = 0 [pid 6409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6409] setpgid(0, 0) = 0 [pid 6409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6409] write(3, "1000", 4) = 4 [pid 6409] close(3) = 0 [pid 6409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6409] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6409] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6410 attached , parent_tid=[6410], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6410 [pid 6409] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6410] memfd_create("syzkaller", 0) = 3 [pid 6410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6410] munmap(0x7f5464ee2000, 524288) = 0 [pid 6410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6410] close(3) = 0 [pid 6410] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6410] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6410] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6410] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6410] ioctl(4, LOOP_CLR_FD) = 0 [pid 6410] close(4) = 0 [pid 6410] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6409] <... futex resumed>) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6409] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6411], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6411 [pid 6409] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6410] <... mknodat resumed>) = 0 [pid 6410] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6411 attached [pid 6411] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6411] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6411] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6411] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6411] chdir(".") = 0 [pid 6411] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6411] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] exit_group(0 [pid 6410] <... futex resumed>) = ? [pid 6409] <... exit_group resumed>) = ? [pid 6410] +++ exited with 0 +++ [pid 6411] <... futex resumed>) = ? [pid 6411] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6409, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./467/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 124.815907][ T6410] loop0: detected capacity change from 0 to 1024 umount2("./467/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./467/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./467/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6412 ./strace-static-x86_64: Process 6412 attached [pid 6412] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6412] chdir("./468") = 0 [pid 6412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6412] setpgid(0, 0) = 0 [pid 6412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6412] write(3, "1000", 4) = 4 [pid 6412] close(3) = 0 [pid 6412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6412] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6412] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6412] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6413 attached , parent_tid=[6413], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6413 [pid 6412] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6413] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6413] memfd_create("syzkaller", 0) = 3 [pid 6413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6413] munmap(0x7f5464ee2000, 524288) = 0 [pid 6413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6413] close(3) = 0 [pid 6413] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6413] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6413] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6413] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6413] ioctl(4, LOOP_CLR_FD) = 0 [pid 6413] close(4) = 0 [pid 6413] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = 0 [pid 6412] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6412] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6412] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6414], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6414 [pid 6412] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6413] <... futex resumed>) = 1 [pid 6413] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6414 attached [pid 6414] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6414] mkdir(".", 0777 [pid 6413] <... mknodat resumed>) = 0 [pid 6413] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6414] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6414] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6414] chdir(".") = 0 [pid 6414] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = 0 [pid 6412] exit_group(0) = ? [pid 6413] <... futex resumed>) = ? [pid 6413] +++ exited with 0 +++ [pid 6414] <... futex resumed>) = ? [pid 6414] +++ exited with 0 +++ [pid 6412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6412, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./468/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./468/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./468/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 124.933490][ T6413] loop0: detected capacity change from 0 to 1024 rmdir("./468") = 0 mkdir("./469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6415 ./strace-static-x86_64: Process 6415 attached [pid 6415] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6415] chdir("./469") = 0 [pid 6415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6415] setpgid(0, 0) = 0 [pid 6415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6415] write(3, "1000", 4) = 4 [pid 6415] close(3) = 0 [pid 6415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6415] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6415] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6415] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6416 attached [pid 6416] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6415] <... clone resumed>, parent_tid=[6416], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6416 [pid 6415] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6416] memfd_create("syzkaller", 0) = 3 [pid 6416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6416] munmap(0x7f5464ee2000, 524288) = 0 [pid 6416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6416] close(3) = 0 [pid 6416] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6416] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6416] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6416] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6416] ioctl(4, LOOP_CLR_FD) = 0 [pid 6416] close(4) = 0 [pid 6416] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = 0 [pid 6415] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6415] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6415] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6417], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6417 [pid 6415] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6416] <... futex resumed>) = 1 [pid 6416] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6416] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6417 attached [pid 6417] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6417] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6417] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6417] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6417] chdir(".") = 0 [pid 6417] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = 0 [pid 6415] exit_group(0 [pid 6416] <... futex resumed>) = ? [pid 6415] <... exit_group resumed>) = ? [pid 6416] +++ exited with 0 +++ [pid 6417] <... futex resumed>) = ? [pid 6417] +++ exited with 0 +++ [pid 6415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6415, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./469/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./469/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./469/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6418 [ 125.037380][ T6416] loop0: detected capacity change from 0 to 1024 ./strace-static-x86_64: Process 6418 attached [pid 6418] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6418] chdir("./470") = 0 [pid 6418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6418] setpgid(0, 0) = 0 [pid 6418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6418] write(3, "1000", 4) = 4 [pid 6418] close(3) = 0 [pid 6418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6418] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6418] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6418] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6419], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6419 ./strace-static-x86_64: Process 6419 attached [pid 6418] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] set_robust_list(0x7f546d3029e0, 24 [pid 6418] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] <... set_robust_list resumed>) = 0 [pid 6419] memfd_create("syzkaller", 0) = 3 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6419] munmap(0x7f5464ee2000, 524288) = 0 [pid 6419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6419] close(3) = 0 [pid 6419] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6419] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6419] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6419] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6419] ioctl(4, LOOP_CLR_FD) = 0 [pid 6419] close(4) = 0 [pid 6419] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = 0 [pid 6418] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6418] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6418] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6420], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6420 [pid 6418] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] <... futex resumed>) = 1 [pid 6419] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6419] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6420 attached [pid 6420] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6420] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6420] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6420] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6420] chdir(".") = 0 [pid 6420] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6418] <... futex resumed>) = 0 [pid 6420] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6418] exit_group(0 [pid 6420] <... futex resumed>) = ? [pid 6419] <... futex resumed>) = ? [pid 6418] <... exit_group resumed>) = ? [pid 6420] +++ exited with 0 +++ [pid 6419] +++ exited with 0 +++ [pid 6418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6418, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./470/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./470/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 125.130042][ T6419] loop0: detected capacity change from 0 to 1024 unlink("./470/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6421 ./strace-static-x86_64: Process 6421 attached [pid 6421] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6421] chdir("./471") = 0 [pid 6421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6421] setpgid(0, 0) = 0 [pid 6421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6421] write(3, "1000", 4) = 4 [pid 6421] close(3) = 0 [pid 6421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6421] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6421] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6421] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6422 attached , parent_tid=[6422], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6422 [pid 6422] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6421] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6421] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6422] memfd_create("syzkaller", 0) = 3 [pid 6422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6422] munmap(0x7f5464ee2000, 524288) = 0 [pid 6422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6422] close(3) = 0 [pid 6422] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6422] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6422] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6422] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6422] ioctl(4, LOOP_CLR_FD) = 0 [pid 6422] close(4) = 0 [pid 6422] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6421] <... futex resumed>) = 0 [pid 6422] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6421] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6421] <... futex resumed>) = 0 [pid 6422] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6421] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... mknodat resumed>) = 0 [pid 6421] <... futex resumed>) = 0 [pid 6422] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6422] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6421] <... mmap resumed>) = 0x7f5464f41000 [pid 6421] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6421] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6423 attached , parent_tid=[6423], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6423 [pid 6423] set_robust_list(0x7f5464f619e0, 24 [pid 6421] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... set_robust_list resumed>) = 0 [pid 6421] <... futex resumed>) = 0 [pid 6423] mkdir(".", 0777 [pid 6421] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6423] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6423] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6423] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6423] chdir(".") = 0 [ 125.242476][ T6422] loop0: detected capacity change from 0 to 1024 [pid 6423] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6421] <... futex resumed>) = 0 [pid 6423] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6421] exit_group(0 [pid 6423] <... futex resumed>) = ? [pid 6422] <... futex resumed>) = ? [pid 6421] <... exit_group resumed>) = ? [pid 6423] +++ exited with 0 +++ [pid 6422] +++ exited with 0 +++ [pid 6421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6421, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./471/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6424 ./strace-static-x86_64: Process 6424 attached [pid 6424] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6424] chdir("./472") = 0 [pid 6424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6424] setpgid(0, 0) = 0 [pid 6424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6424] write(3, "1000", 4) = 4 [pid 6424] close(3) = 0 [pid 6424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6424] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6424] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6424] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6425], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6425 [pid 6424] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6424] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6425 attached [pid 6425] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6425] memfd_create("syzkaller", 0) = 3 [pid 6425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6425] munmap(0x7f5464ee2000, 524288) = 0 [pid 6425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6425] close(3) = 0 [pid 6425] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6425] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6425] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6425] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6425] ioctl(4, LOOP_CLR_FD) = 0 [pid 6425] close(4) = 0 [pid 6425] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6424] <... futex resumed>) = 0 [pid 6424] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... futex resumed>) = 0 [pid 6424] <... futex resumed>) = 1 [pid 6424] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6425] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6424] <... mmap resumed>) = 0x7f5464f41000 [pid 6424] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6424] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6426], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6426 [pid 6424] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6424] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6426 attached [pid 6426] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6426] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6426] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6425] <... mknodat resumed>) = 0 [pid 6425] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] <... mount resumed>) = 0 [pid 6426] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6426] chdir(".") = 0 [pid 6426] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... futex resumed>) = 0 [pid 6424] exit_group(0 [pid 6425] <... futex resumed>) = ? [pid 6424] <... exit_group resumed>) = ? [pid 6425] +++ exited with 0 +++ [pid 6426] <... futex resumed>) = ? [pid 6426] +++ exited with 0 +++ [pid 6424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6424, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.362700][ T6425] loop0: detected capacity change from 0 to 1024 lstat("./472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./472/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6427 attached [pid 6427] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6427] chdir("./473" [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6427 [pid 6427] <... chdir resumed>) = 0 [pid 6427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6427] setpgid(0, 0) = 0 [pid 6427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6427] write(3, "1000", 4) = 4 [pid 6427] close(3) = 0 [pid 6427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6427] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6427] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6427] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6428 attached , parent_tid=[6428], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6428 [pid 6428] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6428] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6427] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6427] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6428] memfd_create("syzkaller", 0) = 3 [pid 6428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6428] munmap(0x7f5464ee2000, 524288) = 0 [pid 6428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6428] close(3) = 0 [pid 6428] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6428] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6428] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6428] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6428] ioctl(4, LOOP_CLR_FD) = 0 [pid 6428] close(4) = 0 [pid 6428] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6427] <... futex resumed>) = 0 [pid 6427] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6428] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6427] <... mmap resumed>) = 0x7f5464f41000 [pid 6427] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6427] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6429], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6429 [pid 6427] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6429] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6429] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6428] <... mknodat resumed>) = 0 [pid 6428] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... mount resumed>) = 0 [pid 6429] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6429] chdir(".") = 0 [pid 6429] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6427] <... futex resumed>) = 0 [pid 6427] exit_group(0 [pid 6429] <... futex resumed>) = ? [pid 6427] <... exit_group resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6428] <... futex resumed>) = ? [pid 6428] +++ exited with 0 +++ [pid 6427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6427, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./473/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./473/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./473/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./473/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 125.475099][ T6428] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6430 ./strace-static-x86_64: Process 6430 attached [pid 6430] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6430] chdir("./474") = 0 [pid 6430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6430] setpgid(0, 0) = 0 [pid 6430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6430] write(3, "1000", 4) = 4 [pid 6430] close(3) = 0 [pid 6430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6430] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6430] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6431], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6431 [pid 6430] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6431 attached [pid 6431] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6431] memfd_create("syzkaller", 0) = 3 [pid 6431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6431] munmap(0x7f5464ee2000, 524288) = 0 [pid 6431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6431] close(3) = 0 [pid 6431] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6431] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6431] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6431] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6431] ioctl(4, LOOP_CLR_FD) = 0 [pid 6431] close(4) = 0 [pid 6431] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6431] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6430] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6430] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6432], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6432 [pid 6430] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6431] <... mknodat resumed>) = 0 [pid 6431] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6432 attached [pid 6432] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6432] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6432] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6432] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6432] chdir(".") = 0 [pid 6432] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6432] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] exit_group(0 [pid 6432] <... futex resumed>) = ? [pid 6430] <... exit_group resumed>) = ? [pid 6432] +++ exited with 0 +++ [pid 6431] <... futex resumed>) = ? [pid 6431] +++ exited with 0 +++ [pid 6430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6430, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.572420][ T6431] loop0: detected capacity change from 0 to 1024 lstat("./474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./474/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6433 ./strace-static-x86_64: Process 6433 attached [pid 6433] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6433] chdir("./475") = 0 [pid 6433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6433] setpgid(0, 0) = 0 [pid 6433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6433] write(3, "1000", 4) = 4 [pid 6433] close(3) = 0 [pid 6433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6433] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6433] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6433] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6434], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6434 [pid 6433] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6434 attached [pid 6434] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6434] memfd_create("syzkaller", 0) = 3 [pid 6434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6434] munmap(0x7f5464ee2000, 524288) = 0 [pid 6434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6434] close(3) = 0 [pid 6434] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6434] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6434] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6434] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6434] ioctl(4, LOOP_CLR_FD) = 0 [pid 6434] close(4) = 0 [pid 6434] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 0 [pid 6433] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6433] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6433] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6435], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6435 [pid 6433] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6434] <... futex resumed>) = 1 [pid 6434] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6435 attached [pid 6435] set_robust_list(0x7f5464f619e0, 24 [pid 6434] <... mknodat resumed>) = 0 [pid 6435] <... set_robust_list resumed>) = 0 [pid 6434] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6435] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6435] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6435] chdir(".") = 0 [pid 6435] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6433] <... futex resumed>) = 0 [pid 6433] exit_group(0 [pid 6434] <... futex resumed>) = ? [pid 6433] <... exit_group resumed>) = ? [pid 6435] +++ exited with 0 +++ [pid 6434] +++ exited with 0 +++ [pid 6433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6433, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./475/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./475/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./475/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./475/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 125.678335][ T6434] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6436 attached [pid 6436] set_robust_list(0x5555561b25e0, 24 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6436 [pid 6436] <... set_robust_list resumed>) = 0 [pid 6436] chdir("./476") = 0 [pid 6436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6436] setpgid(0, 0) = 0 [pid 6436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6436] write(3, "1000", 4) = 4 [pid 6436] close(3) = 0 [pid 6436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6436] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6436] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6437 attached [pid 6437] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6437] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6436] <... clone resumed>, parent_tid=[6437], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6437 [pid 6436] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6437] <... futex resumed>) = 0 [pid 6436] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6437] memfd_create("syzkaller", 0) = 3 [pid 6437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6437] munmap(0x7f5464ee2000, 524288) = 0 [pid 6437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6437] close(3) = 0 [pid 6437] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6437] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6437] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6437] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6437] ioctl(4, LOOP_CLR_FD) = 0 [pid 6437] close(4) = 0 [pid 6437] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6436] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6436] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6438], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6438 [pid 6436] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6437] <... futex resumed>) = 1 [pid 6437] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6438 attached [pid 6438] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6438] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6438] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6437] <... mknodat resumed>) = 0 [pid 6437] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] <... mount resumed>) = 0 [pid 6438] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6438] chdir(".") = 0 [pid 6438] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6438] <... futex resumed>) = 1 [pid 6436] exit_group(0) = ? [pid 6437] <... futex resumed>) = ? [pid 6437] +++ exited with 0 +++ [pid 6438] +++ exited with 0 +++ [pid 6436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6436, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./476/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./476/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./476/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 125.772734][ T6437] loop0: detected capacity change from 0 to 1024 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6439 ./strace-static-x86_64: Process 6439 attached [pid 6439] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6439] chdir("./477") = 0 [pid 6439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6439] setpgid(0, 0) = 0 [pid 6439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6439] write(3, "1000", 4) = 4 [pid 6439] close(3) = 0 [pid 6439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6439] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6439] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6439] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6440], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6440 [pid 6439] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6440 attached [pid 6440] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6440] memfd_create("syzkaller", 0) = 3 [pid 6440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6440] munmap(0x7f5464ee2000, 524288) = 0 [pid 6440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6440] close(3) = 0 [pid 6440] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6440] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6440] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6440] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6440] ioctl(4, LOOP_CLR_FD) = 0 [pid 6440] close(4) = 0 [pid 6440] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = 0 [pid 6440] <... futex resumed>) = 1 [pid 6439] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6439] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6439] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6441], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6441 [pid 6439] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6440] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6440] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6441 attached [pid 6441] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6441] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6441] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6441] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6441] chdir(".") = 0 [pid 6441] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6439] <... futex resumed>) = 0 [pid 6441] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] exit_group(0) = ? [pid 6441] <... futex resumed>) = ? [pid 6441] +++ exited with 0 +++ [pid 6440] <... futex resumed>) = ? [pid 6440] +++ exited with 0 +++ [pid 6439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6439, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./477/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./477/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 125.866145][ T6440] loop0: detected capacity change from 0 to 1024 rmdir("./477/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./477/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6442 ./strace-static-x86_64: Process 6442 attached [pid 6442] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6442] chdir("./478") = 0 [pid 6442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6442] setpgid(0, 0) = 0 [pid 6442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6442] write(3, "1000", 4) = 4 [pid 6442] close(3) = 0 [pid 6442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6442] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6442] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6443 attached , parent_tid=[6443], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6443 [pid 6443] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6443] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6443] <... futex resumed>) = 0 [pid 6442] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6443] memfd_create("syzkaller", 0) = 3 [pid 6443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6443] munmap(0x7f5464ee2000, 524288) = 0 [pid 6443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6443] close(3) = 0 [pid 6443] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6443] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6443] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6443] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6443] ioctl(4, LOOP_CLR_FD) = 0 [pid 6443] close(4) = 0 [pid 6443] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6443] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6442] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6442] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6444], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6444 ./strace-static-x86_64: Process 6444 attached [pid 6443] <... mknodat resumed>) = 0 [pid 6442] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] set_robust_list(0x7f5464f619e0, 24 [pid 6442] <... futex resumed>) = 0 [pid 6444] <... set_robust_list resumed>) = 0 [pid 6442] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6444] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6443] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... mount resumed>) = 0 [pid 6444] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6444] chdir(".") = 0 [pid 6444] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6444] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] exit_group(0 [pid 6444] <... futex resumed>) = ? [pid 6443] <... futex resumed>) = ? [pid 6442] <... exit_group resumed>) = ? [pid 6444] +++ exited with 0 +++ [pid 6443] +++ exited with 0 +++ [pid 6442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6442, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./478/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./478/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 125.968538][ T6443] loop0: detected capacity change from 0 to 1024 rmdir("./478/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./478/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6445 ./strace-static-x86_64: Process 6445 attached [pid 6445] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6445] chdir("./479") = 0 [pid 6445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6445] setpgid(0, 0) = 0 [pid 6445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6445] write(3, "1000", 4) = 4 [pid 6445] close(3) = 0 [pid 6445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6445] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6445] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6445] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6446 attached , parent_tid=[6446], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6446 [pid 6446] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6446] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6445] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6445] <... futex resumed>) = 1 [pid 6445] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6446] memfd_create("syzkaller", 0) = 3 [pid 6446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6446] munmap(0x7f5464ee2000, 524288) = 0 [pid 6446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6446] close(3) = 0 [pid 6446] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6446] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6446] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6446] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6446] ioctl(4, LOOP_CLR_FD) = 0 [pid 6446] close(4) = 0 [pid 6446] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6445] <... futex resumed>) = 0 [pid 6445] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6446] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6445] <... mmap resumed>) = 0x7f5464f41000 [pid 6445] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6445] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6447], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6447 [pid 6445] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6447 attached [pid 6447] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6447] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6447] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6446] <... mknodat resumed>) = 0 [pid 6446] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... mount resumed>) = 0 [pid 6447] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6447] chdir(".") = 0 [pid 6447] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6445] <... futex resumed>) = 0 [pid 6446] <... futex resumed>) = 0 [pid 6445] exit_group(0 [pid 6446] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... futex resumed>) = ? [pid 6446] <... futex resumed>) = ? [pid 6445] <... exit_group resumed>) = ? [pid 6447] +++ exited with 0 +++ [pid 6446] +++ exited with 0 +++ [pid 6445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6445, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./479/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 126.070014][ T6446] loop0: detected capacity change from 0 to 1024 umount2("./479/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./479/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./479/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6448 ./strace-static-x86_64: Process 6448 attached [pid 6448] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6448] chdir("./480") = 0 [pid 6448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6448] setpgid(0, 0) = 0 [pid 6448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6448] write(3, "1000", 4) = 4 [pid 6448] close(3) = 0 [pid 6448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6448] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6448] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6448] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6449 attached , parent_tid=[6449], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6449 [pid 6449] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6449] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6448] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] <... futex resumed>) = 0 [pid 6448] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6449] memfd_create("syzkaller", 0) = 3 [pid 6449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6449] munmap(0x7f5464ee2000, 524288) = 0 [pid 6449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6449] close(3) = 0 [pid 6449] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6449] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6449] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6449] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6449] ioctl(4, LOOP_CLR_FD) = 0 [pid 6449] close(4) = 0 [pid 6449] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6449] <... futex resumed>) = 1 [pid 6448] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6449] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6448] <... mmap resumed>) = 0x7f5464f41000 [pid 6448] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6448] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6450], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6450 [pid 6448] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6450 attached [pid 6449] <... mknodat resumed>) = 0 [pid 6449] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6450] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6450] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6450] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6450] chdir(".") = 0 [pid 6450] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6448] exit_group(0) = ? [pid 6450] <... futex resumed>) = ? [pid 6450] +++ exited with 0 +++ [pid 6449] <... futex resumed>) = ? [pid 6449] +++ exited with 0 +++ [pid 6448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6448, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./480/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./480/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.188734][ T6449] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./480/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./480/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6451 attached , child_tidptr=0x5555561b25d0) = 6451 [pid 6451] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6451] chdir("./481") = 0 [pid 6451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6451] setpgid(0, 0) = 0 [pid 6451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6451] write(3, "1000", 4) = 4 [pid 6451] close(3) = 0 [pid 6451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6451] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6451] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6451] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6452 attached , parent_tid=[6452], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6452 [pid 6452] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6452] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6451] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6451] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6452] memfd_create("syzkaller", 0) = 3 [pid 6452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6452] munmap(0x7f5464ee2000, 524288) = 0 [pid 6452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6452] close(3) = 0 [pid 6452] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6452] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6452] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6452] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6452] ioctl(4, LOOP_CLR_FD) = 0 [pid 6452] close(4) = 0 [pid 6452] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6451] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6451] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6453], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6453 [pid 6451] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6452] <... futex resumed>) = 1 [pid 6452] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6452] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6453 attached [pid 6453] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6453] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6453] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6453] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6453] chdir(".") = 0 [pid 6453] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] <... futex resumed>) = 0 [pid 6453] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6451] exit_group(0 [pid 6452] <... futex resumed>) = ? [pid 6453] <... futex resumed>) = ? [pid 6451] <... exit_group resumed>) = ? [pid 6452] +++ exited with 0 +++ [pid 6453] +++ exited with 0 +++ [pid 6451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6451, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 126.290683][ T6452] loop0: detected capacity change from 0 to 1024 umount2("./481/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./481/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./481/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6454 ./strace-static-x86_64: Process 6454 attached [pid 6454] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6454] chdir("./482") = 0 [pid 6454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6454] setpgid(0, 0) = 0 [pid 6454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6454] write(3, "1000", 4) = 4 [pid 6454] close(3) = 0 [pid 6454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6454] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6454] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6454] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6455], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6455 [pid 6454] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6454] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6455 attached [pid 6455] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6455] memfd_create("syzkaller", 0) = 3 [pid 6455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6455] munmap(0x7f5464ee2000, 524288) = 0 [pid 6455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6455] close(3) = 0 [pid 6455] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6455] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6455] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6455] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6455] ioctl(4, LOOP_CLR_FD) = 0 [pid 6455] close(4) = 0 [pid 6455] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6454] <... futex resumed>) = 0 [pid 6454] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6454] <... futex resumed>) = 0 [pid 6454] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6454] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6454] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6456 attached , parent_tid=[6456], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6456 [pid 6454] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6454] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6456] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6455] <... mknodat resumed>) = 0 [pid 6455] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6456] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6456] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6456] chdir(".") = 0 [pid 6456] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6454] <... futex resumed>) = 0 [pid 6454] exit_group(0 [pid 6455] <... futex resumed>) = ? [pid 6454] <... exit_group resumed>) = ? [pid 6455] +++ exited with 0 +++ [pid 6456] +++ exited with 0 +++ [pid 6454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6454, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 126.399289][ T6455] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./482/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6457 ./strace-static-x86_64: Process 6457 attached [pid 6457] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6457] chdir("./483") = 0 [pid 6457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6457] setpgid(0, 0) = 0 [pid 6457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6457] write(3, "1000", 4) = 4 [pid 6457] close(3) = 0 [pid 6457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6457] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6457] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6457] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6458 attached , parent_tid=[6458], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6458 [pid 6457] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6458] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6458] memfd_create("syzkaller", 0) = 3 [pid 6458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6458] munmap(0x7f5464ee2000, 524288) = 0 [pid 6458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6458] close(3) = 0 [pid 6458] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6458] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6458] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6458] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6458] ioctl(4, LOOP_CLR_FD) = 0 [pid 6458] close(4) = 0 [pid 6458] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6458] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6457] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6457] <... mprotect resumed>) = 0 [pid 6458] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6457] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6459], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6459 [pid 6457] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6459 attached [pid 6459] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6459] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6459] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6458] <... mknodat resumed>) = 0 [pid 6458] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] <... mount resumed>) = 0 [pid 6459] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6459] chdir(".") = 0 [pid 6459] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6459] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] exit_group(0) = ? [pid 6459] <... futex resumed>) = ? [pid 6458] <... futex resumed>) = ? [pid 6459] +++ exited with 0 +++ [pid 6458] +++ exited with 0 +++ [pid 6457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6457, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 126.498200][ T6458] loop0: detected capacity change from 0 to 1024 umount2("./483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./483/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6460 ./strace-static-x86_64: Process 6460 attached [pid 6460] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6460] chdir("./484") = 0 [pid 6460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6460] setpgid(0, 0) = 0 [pid 6460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6460] write(3, "1000", 4) = 4 [pid 6460] close(3) = 0 [pid 6460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6460] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6460] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6460] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6461], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6461 [pid 6460] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6461 attached [pid 6461] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6461] memfd_create("syzkaller", 0) = 3 [pid 6461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6461] munmap(0x7f5464ee2000, 524288) = 0 [pid 6461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6461] close(3) = 0 [pid 6461] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6461] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6461] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6461] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6461] ioctl(4, LOOP_CLR_FD) = 0 [pid 6461] close(4) = 0 [pid 6461] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6461] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6460] <... mmap resumed>) = 0x7f5464f41000 [pid 6460] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6460] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6462 attached , parent_tid=[6462], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6462 [pid 6462] set_robust_list(0x7f5464f619e0, 24 [pid 6460] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... set_robust_list resumed>) = 0 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6462] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6462] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6461] <... mknodat resumed>) = 0 [pid 6461] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... mount resumed>) = 0 [pid 6462] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6462] chdir(".") = 0 [pid 6462] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6462] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] exit_group(0) = ? [pid 6461] <... futex resumed>) = ? [pid 6462] <... futex resumed>) = ? [pid 6462] +++ exited with 0 +++ [pid 6461] +++ exited with 0 +++ [pid 6460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6460, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 126.633553][ T6461] loop0: detected capacity change from 0 to 1024 umount2("./484/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./484/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./484/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6463 ./strace-static-x86_64: Process 6463 attached [pid 6463] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6463] chdir("./485") = 0 [pid 6463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6463] setpgid(0, 0) = 0 [pid 6463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6463] write(3, "1000", 4) = 4 [pid 6463] close(3) = 0 [pid 6463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6463] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6463] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6463] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6464], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6464 [pid 6463] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6464 attached [pid 6464] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6464] memfd_create("syzkaller", 0) = 3 [pid 6464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6464] munmap(0x7f5464ee2000, 524288) = 0 [pid 6464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6464] close(3) = 0 [pid 6464] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6464] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6464] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6464] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6464] ioctl(4, LOOP_CLR_FD) = 0 [pid 6464] close(4) = 0 [pid 6464] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] <... futex resumed>) = 0 [pid 6464] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6463] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6463] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6463] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6465 attached , parent_tid=[6465], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6465 [pid 6463] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6465] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6465] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6464] <... mknodat resumed>) = 0 [pid 6465] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6464] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6464] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] <... mount resumed>) = 0 [pid 6465] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6465] chdir(".") = 0 [pid 6465] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] <... futex resumed>) = 0 [pid 6465] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6463] exit_group(0 [pid 6465] <... futex resumed>) = ? [pid 6464] <... futex resumed>) = ? [pid 6463] <... exit_group resumed>) = ? [pid 6464] +++ exited with 0 +++ [pid 6465] +++ exited with 0 +++ [pid 6463] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6463, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./485/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./485/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.746619][ T6464] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./485/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./485/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6466 ./strace-static-x86_64: Process 6466 attached [pid 6466] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6466] chdir("./486") = 0 [pid 6466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6466] setpgid(0, 0) = 0 [pid 6466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6466] write(3, "1000", 4) = 4 [pid 6466] close(3) = 0 [pid 6466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6466] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6466] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6466] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6467], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6467 [pid 6466] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6467 attached [pid 6467] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6467] memfd_create("syzkaller", 0) = 3 [pid 6467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6467] munmap(0x7f5464ee2000, 524288) = 0 [pid 6467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6467] close(3) = 0 [pid 6467] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6467] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6467] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6467] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6467] ioctl(4, LOOP_CLR_FD) = 0 [pid 6467] close(4) = 0 [pid 6467] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = 0 [pid 6466] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6466] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6467] <... futex resumed>) = 1 [pid 6466] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6467] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6466] <... clone resumed>, parent_tid=[6468], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6468 [pid 6466] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6467] <... mknodat resumed>) = 0 [pid 6467] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6468 attached [pid 6468] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6468] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6468] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6468] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6468] chdir(".") = 0 [pid 6468] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6466] <... futex resumed>) = 0 [pid 6466] exit_group(0 [pid 6467] <... futex resumed>) = ? [pid 6466] <... exit_group resumed>) = ? [pid 6467] +++ exited with 0 +++ [pid 6468] +++ exited with 0 +++ [pid 6466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6466, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./486/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./486/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./486/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 126.848823][ T6467] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6469 ./strace-static-x86_64: Process 6469 attached [pid 6469] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6469] chdir("./487") = 0 [pid 6469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6469] setpgid(0, 0) = 0 [pid 6469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6469] write(3, "1000", 4) = 4 [pid 6469] close(3) = 0 [pid 6469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6469] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6469] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6469] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6470 attached , parent_tid=[6470], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6470 [pid 6470] set_robust_list(0x7f546d3029e0, 24 [pid 6469] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6470] <... set_robust_list resumed>) = 0 [pid 6469] <... futex resumed>) = 0 [pid 6469] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6470] memfd_create("syzkaller", 0) = 3 [pid 6470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6470] munmap(0x7f5464ee2000, 524288) = 0 [pid 6470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6470] close(3) = 0 [pid 6470] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6470] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6470] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6470] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6470] ioctl(4, LOOP_CLR_FD) = 0 [pid 6470] close(4) = 0 [pid 6470] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = 0 [pid 6469] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6469] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6469] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6471], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6471 [pid 6469] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6470] <... futex resumed>) = 1 [pid 6469] <... futex resumed>) = 0 [pid 6470] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6469] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6470] <... mknodat resumed>) = 0 [pid 6470] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6471] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6471] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6471] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6471] chdir(".") = 0 [pid 6471] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = 0 [pid 6469] exit_group(0 [pid 6470] <... futex resumed>) = ? [pid 6469] <... exit_group resumed>) = ? [pid 6470] +++ exited with 0 +++ [pid 6471] <... futex resumed>) = ? [pid 6471] +++ exited with 0 +++ [pid 6469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6469, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./487/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./487/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./487/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.960481][ T6470] loop0: detected capacity change from 0 to 1024 lstat("./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./487/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6472 ./strace-static-x86_64: Process 6472 attached [pid 6472] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6472] chdir("./488") = 0 [pid 6472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6472] setpgid(0, 0) = 0 [pid 6472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6472] write(3, "1000", 4) = 4 [pid 6472] close(3) = 0 [pid 6472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6472] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6472] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6472] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6473 attached , parent_tid=[6473], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6473 [pid 6472] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6473] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6473] memfd_create("syzkaller", 0) = 3 [pid 6473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6473] munmap(0x7f5464ee2000, 524288) = 0 [pid 6473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6473] close(3) = 0 [pid 6473] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6473] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6473] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6473] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6473] ioctl(4, LOOP_CLR_FD) = 0 [pid 6473] close(4) = 0 [pid 6473] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6473] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6472] <... futex resumed>) = 1 [pid 6473] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6472] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6472] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6472] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6474], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6474 [pid 6472] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6474 attached [pid 6474] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6474] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6474] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6473] <... mknodat resumed>) = 0 [pid 6473] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... mount resumed>) = 0 [pid 6474] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [ 127.065178][ T6473] loop0: detected capacity change from 0 to 1024 [pid 6474] chdir(".") = 0 [pid 6474] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] exit_group(0 [pid 6473] <... futex resumed>) = ? [pid 6472] <... exit_group resumed>) = ? [pid 6473] +++ exited with 0 +++ [pid 6474] <... futex resumed>) = ? [pid 6474] +++ exited with 0 +++ [pid 6472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6472, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./488/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./488/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./488/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6475 ./strace-static-x86_64: Process 6475 attached [pid 6475] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6475] chdir("./489") = 0 [pid 6475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6475] setpgid(0, 0) = 0 [pid 6475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6475] write(3, "1000", 4) = 4 [pid 6475] close(3) = 0 [pid 6475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6475] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6475] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6475] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6476], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6476 ./strace-static-x86_64: Process 6476 attached [pid 6475] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6476] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6476] memfd_create("syzkaller", 0) = 3 [pid 6476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6476] munmap(0x7f5464ee2000, 524288) = 0 [pid 6476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6476] close(3) = 0 [pid 6476] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6476] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6476] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6476] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6476] ioctl(4, LOOP_CLR_FD) = 0 [pid 6476] close(4) = 0 [pid 6476] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] <... futex resumed>) = 0 [pid 6475] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6475] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6475] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6476] <... mknodat resumed>) = 0 [pid 6476] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] <... clone resumed>, parent_tid=[6477], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6477 [pid 6475] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6477 attached [pid 6476] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6477] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6477] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6477] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6477] chdir(".") = 0 [ 127.192596][ T6476] loop0: detected capacity change from 0 to 1024 [pid 6477] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] <... futex resumed>) = 0 [pid 6475] exit_group(0 [pid 6476] <... futex resumed>) = ? [pid 6475] <... exit_group resumed>) = ? [pid 6476] +++ exited with 0 +++ [pid 6477] +++ exited with 0 +++ [pid 6475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6475, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./489/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./489/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./489/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6478 ./strace-static-x86_64: Process 6478 attached [pid 6478] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6478] chdir("./490") = 0 [pid 6478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6478] setpgid(0, 0) = 0 [pid 6478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6478] write(3, "1000", 4) = 4 [pid 6478] close(3) = 0 [pid 6478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6478] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6478] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6478] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6479 attached , parent_tid=[6479], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6479 [pid 6479] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6479] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6478] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6478] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6479] memfd_create("syzkaller", 0) = 3 [pid 6479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6479] munmap(0x7f5464ee2000, 524288) = 0 [pid 6479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6479] close(3) = 0 [pid 6479] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6479] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6479] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6479] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6479] ioctl(4, LOOP_CLR_FD) = 0 [pid 6479] close(4) = 0 [pid 6479] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6478] <... futex resumed>) = 0 [pid 6478] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6479] <... futex resumed>) = 0 [pid 6479] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6478] <... mmap resumed>) = 0x7f5464f41000 [pid 6478] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6478] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6480], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6480 [pid 6478] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6478] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6479] <... mknodat resumed>) = 0 [pid 6479] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6480 attached [pid 6480] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6480] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6480] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6480] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6480] chdir(".") = 0 [pid 6480] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = 0 [pid 6480] <... futex resumed>) = 1 [pid 6480] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6478] exit_group(0 [pid 6480] <... futex resumed>) = ? [pid 6479] <... futex resumed>) = ? [pid 6478] <... exit_group resumed>) = ? [pid 6479] +++ exited with 0 +++ [pid 6480] +++ exited with 0 +++ [pid 6478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6478, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 127.333131][ T6479] loop0: detected capacity change from 0 to 1024 umount2("./490/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./490/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./490/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6481 ./strace-static-x86_64: Process 6481 attached [pid 6481] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6481] chdir("./491") = 0 [pid 6481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6481] setpgid(0, 0) = 0 [pid 6481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6481] write(3, "1000", 4) = 4 [pid 6481] close(3) = 0 [pid 6481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6481] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6481] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6481] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6482], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6482 ./strace-static-x86_64: Process 6482 attached [pid 6481] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6482] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6482] memfd_create("syzkaller", 0) = 3 [pid 6482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6482] munmap(0x7f5464ee2000, 524288) = 0 [pid 6482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6482] close(3) = 0 [pid 6482] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6482] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6482] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6482] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6482] ioctl(4, LOOP_CLR_FD) = 0 [pid 6482] close(4) = 0 [pid 6482] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6481] <... futex resumed>) = 0 [pid 6482] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6481] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6482] <... futex resumed>) = 0 [pid 6481] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6481] <... futex resumed>) = 0 [pid 6481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6481] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6481] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6483], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6483 [pid 6481] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6482] <... mknodat resumed>) = 0 [pid 6482] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6482] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6483 attached [pid 6483] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6483] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6483] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6483] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6483] chdir(".") = 0 [pid 6483] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6481] <... futex resumed>) = 0 [pid 6483] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6481] exit_group(0 [pid 6482] <... futex resumed>) = ? [pid 6481] <... exit_group resumed>) = ? [pid 6482] +++ exited with 0 +++ [pid 6483] <... futex resumed>) = ? [pid 6483] +++ exited with 0 +++ [pid 6481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6481, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./491", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./491/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./491/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./491") = 0 mkdir("./492", 0777) = 0 [ 127.443533][ T6482] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6484 ./strace-static-x86_64: Process 6484 attached [pid 6484] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6484] chdir("./492") = 0 [pid 6484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6484] setpgid(0, 0) = 0 [pid 6484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6484] write(3, "1000", 4) = 4 [pid 6484] close(3) = 0 [pid 6484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6484] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6484] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6484] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6485 attached , parent_tid=[6485], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6485 [pid 6485] set_robust_list(0x7f546d3029e0, 24 [pid 6484] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6485] <... set_robust_list resumed>) = 0 [pid 6484] <... futex resumed>) = 0 [pid 6484] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6485] memfd_create("syzkaller", 0) = 3 [pid 6485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6485] munmap(0x7f5464ee2000, 524288) = 0 [pid 6485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6485] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6485] close(3) = 0 [pid 6485] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6485] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6485] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6485] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6485] ioctl(4, LOOP_CLR_FD) = 0 [pid 6485] close(4) = 0 [pid 6485] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6484] <... futex resumed>) = 0 [pid 6484] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6484] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6485] <... futex resumed>) = 0 [pid 6484] <... futex resumed>) = 0 [pid 6484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6484] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6485] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6484] <... mprotect resumed>) = 0 [pid 6484] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6486], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6486 [pid 6484] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6484] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6485] <... mknodat resumed>) = 0 [pid 6485] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6486 attached [pid 6486] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6486] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6486] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6486] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6486] chdir(".") = 0 [pid 6486] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6484] <... futex resumed>) = 0 [pid 6486] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6484] exit_group(0 [pid 6486] <... futex resumed>) = ? [pid 6485] <... futex resumed>) = ? [pid 6484] <... exit_group resumed>) = ? [pid 6485] +++ exited with 0 +++ [pid 6486] +++ exited with 0 +++ [pid 6484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6484, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./492", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./492/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 127.550949][ T6485] loop0: detected capacity change from 0 to 1024 umount2("./492/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./492/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./492/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./492/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./492/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./492") = 0 mkdir("./493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6487 ./strace-static-x86_64: Process 6487 attached [pid 6487] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6487] chdir("./493") = 0 [pid 6487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6487] setpgid(0, 0) = 0 [pid 6487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6487] write(3, "1000", 4) = 4 [pid 6487] close(3) = 0 [pid 6487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6487] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6487] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6487] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6488 attached , parent_tid=[6488], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6488 [pid 6487] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6488] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6488] memfd_create("syzkaller", 0) = 3 [pid 6488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6488] munmap(0x7f5464ee2000, 524288) = 0 [pid 6488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6488] close(3) = 0 [pid 6488] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6488] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6488] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6488] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6488] ioctl(4, LOOP_CLR_FD) = 0 [pid 6488] close(4) = 0 [pid 6488] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6487] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6487] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6487] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6489 attached , parent_tid=[6489], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6489 [pid 6487] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6488] <... futex resumed>) = 1 [pid 6489] set_robust_list(0x7f5464f619e0, 24 [pid 6488] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6489] <... set_robust_list resumed>) = 0 [pid 6489] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6489] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6488] <... mknodat resumed>) = 0 [pid 6488] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6489] <... mount resumed>) = 0 [pid 6489] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6489] chdir(".") = 0 [pid 6489] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6487] exit_group(0) = ? [pid 6488] <... futex resumed>) = ? [pid 6488] +++ exited with 0 +++ [pid 6489] <... futex resumed>) = ? [pid 6489] +++ exited with 0 +++ [pid 6487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6487, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./493", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 127.662500][ T6488] loop0: detected capacity change from 0 to 1024 umount2("./493/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./493/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./493/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./493/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./493/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./493/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./493") = 0 mkdir("./494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6490 ./strace-static-x86_64: Process 6490 attached [pid 6490] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6490] chdir("./494") = 0 [pid 6490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6490] setpgid(0, 0) = 0 [pid 6490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6490] write(3, "1000", 4) = 4 [pid 6490] close(3) = 0 [pid 6490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6490] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6490] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6490] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6491], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6491 [pid 6490] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6490] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6491 attached [pid 6491] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6491] memfd_create("syzkaller", 0) = 3 [pid 6491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6491] munmap(0x7f5464ee2000, 524288) = 0 [pid 6491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6491] close(3) = 0 [pid 6491] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6491] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6491] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6491] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6491] ioctl(4, LOOP_CLR_FD) = 0 [pid 6491] close(4) = 0 [pid 6491] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6490] <... futex resumed>) = 0 [pid 6490] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] <... futex resumed>) = 0 [pid 6490] <... futex resumed>) = 1 [pid 6491] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6490] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6491] <... mknodat resumed>) = 0 [pid 6490] <... mmap resumed>) = 0x7f5464f41000 [pid 6491] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6490] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6490] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6492 attached [pid 6492] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6492] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6490] <... clone resumed>, parent_tid=[6492], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6492 [pid 6490] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6490] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6492] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6492] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6492] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6492] chdir(".") = 0 [pid 6492] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6490] <... futex resumed>) = 0 [pid 6492] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6490] exit_group(0 [pid 6491] <... futex resumed>) = ? [pid 6490] <... exit_group resumed>) = ? [pid 6491] +++ exited with 0 +++ [pid 6492] <... futex resumed>) = ? [pid 6492] +++ exited with 0 +++ [pid 6490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6490, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./494", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./494/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./494/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./494/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 127.779485][ T6491] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./494/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./494/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./494/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./494") = 0 mkdir("./495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6493 ./strace-static-x86_64: Process 6493 attached [pid 6493] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6493] chdir("./495") = 0 [pid 6493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6493] setpgid(0, 0) = 0 [pid 6493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6493] write(3, "1000", 4) = 4 [pid 6493] close(3) = 0 [pid 6493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6493] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6493] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6493] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6494], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6494 [pid 6493] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6494 attached [pid 6494] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6494] memfd_create("syzkaller", 0) = 3 [pid 6494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6494] munmap(0x7f5464ee2000, 524288) = 0 [pid 6494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6494] close(3) = 0 [pid 6494] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6494] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6494] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6494] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6494] ioctl(4, LOOP_CLR_FD) = 0 [pid 6494] close(4) = 0 [pid 6494] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6493] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6493] <... futex resumed>) = 0 [pid 6493] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6493] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6493] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6495], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6495 [pid 6493] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6494] <... mknodat resumed>) = 0 [pid 6494] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6495 attached [pid 6495] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6495] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6495] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6495] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6495] chdir(".") = 0 [pid 6495] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = 0 [pid 6493] exit_group(0 [pid 6494] <... futex resumed>) = ? [pid 6493] <... exit_group resumed>) = ? [pid 6494] +++ exited with 0 +++ [pid 6495] <... futex resumed>) = ? [pid 6495] +++ exited with 0 +++ [pid 6493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6493, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./495", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 127.903640][ T6494] loop0: detected capacity change from 0 to 1024 umount2("./495/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./495/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./495/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./495/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./495/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./495/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./495") = 0 mkdir("./496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6496 ./strace-static-x86_64: Process 6496 attached [pid 6496] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6496] chdir("./496") = 0 [pid 6496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6496] setpgid(0, 0) = 0 [pid 6496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6496] write(3, "1000", 4) = 4 [pid 6496] close(3) = 0 [pid 6496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6496] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6496] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6496] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6497 attached , parent_tid=[6497], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6497 [pid 6497] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6497] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6496] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] <... futex resumed>) = 0 [pid 6496] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6497] memfd_create("syzkaller", 0) = 3 [pid 6497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6497] munmap(0x7f5464ee2000, 524288) = 0 [pid 6497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6497] close(3) = 0 [pid 6497] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6497] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6497] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6497] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6497] ioctl(4, LOOP_CLR_FD) = 0 [pid 6497] close(4) = 0 [pid 6497] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6496] <... futex resumed>) = 0 [pid 6496] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6497] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6496] <... mmap resumed>) = 0x7f5464f41000 [pid 6496] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6496] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6498], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6498 [pid 6496] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6498 attached [pid 6498] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6497] <... mknodat resumed>) = 0 [pid 6497] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mkdir(".", 0777 [pid 6497] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6498] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6498] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6498] chdir(".") = 0 [pid 6498] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = 0 [pid 6496] exit_group(0) = ? [pid 6497] <... futex resumed>) = ? [pid 6498] <... futex resumed>) = ? [pid 6498] +++ exited with 0 +++ [pid 6497] +++ exited with 0 +++ [pid 6496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6496, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./496", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./496/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./496/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 128.016767][ T6497] loop0: detected capacity change from 0 to 1024 umount2("./496/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./496/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./496/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./496/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./496") = 0 mkdir("./497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6499 ./strace-static-x86_64: Process 6499 attached [pid 6499] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6499] chdir("./497") = 0 [pid 6499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6499] setpgid(0, 0) = 0 [pid 6499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6499] write(3, "1000", 4) = 4 [pid 6499] close(3) = 0 [pid 6499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6499] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6499] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6499] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6500 attached , parent_tid=[6500], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6500 [pid 6499] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6500] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6500] memfd_create("syzkaller", 0) = 3 [pid 6500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6500] munmap(0x7f5464ee2000, 524288) = 0 [pid 6500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6500] close(3) = 0 [pid 6500] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6500] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6500] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6500] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6500] ioctl(4, LOOP_CLR_FD) = 0 [pid 6500] close(4) = 0 [pid 6500] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6499] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6500] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6499] <... mprotect resumed>) = 0 [pid 6499] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6501], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6501 [pid 6499] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6500] <... mknodat resumed>) = 0 ./strace-static-x86_64: Process 6501 attached [pid 6501] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6501] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6501] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6500] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] <... mount resumed>) = 0 [pid 6501] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6501] chdir(".") = 0 [pid 6501] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] exit_group(0) = ? [pid 6500] <... futex resumed>) = ? [pid 6500] +++ exited with 0 +++ [pid 6501] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6499, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./497", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./497/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 128.125167][ T6500] loop0: detected capacity change from 0 to 1024 lstat("./497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./497/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./497") = 0 mkdir("./498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6502 ./strace-static-x86_64: Process 6502 attached [pid 6502] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6502] chdir("./498") = 0 [pid 6502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6502] setpgid(0, 0) = 0 [pid 6502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6502] write(3, "1000", 4) = 4 [pid 6502] close(3) = 0 [pid 6502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6502] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6502] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6502] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6503], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6503 ./strace-static-x86_64: Process 6503 attached [pid 6503] set_robust_list(0x7f546d3029e0, 24 [pid 6502] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6503] <... set_robust_list resumed>) = 0 [pid 6503] memfd_create("syzkaller", 0 [pid 6502] <... futex resumed>) = 0 [pid 6503] <... memfd_create resumed>) = 3 [pid 6503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6502] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6503] munmap(0x7f5464ee2000, 524288) = 0 [pid 6503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6503] close(3) = 0 [pid 6503] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6503] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6503] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6503] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6503] ioctl(4, LOOP_CLR_FD) = 0 [pid 6503] close(4) = 0 [pid 6503] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... futex resumed>) = 0 [pid 6502] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6503] <... futex resumed>) = 1 [pid 6502] <... futex resumed>) = 0 [pid 6503] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6502] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6502] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6503] <... mknodat resumed>) = 0 [pid 6502] <... mprotect resumed>) = 0 [pid 6503] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6503] <... futex resumed>) = 0 [pid 6503] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6502] <... clone resumed>, parent_tid=[6504], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6504 [pid 6502] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6504 attached ) = 0 [pid 6504] set_robust_list(0x7f5464f619e0, 24 [pid 6502] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6504] <... set_robust_list resumed>) = 0 [pid 6504] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6504] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6504] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6504] chdir(".") = 0 [pid 6504] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6502] <... futex resumed>) = 0 [pid 6504] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6502] exit_group(0) = ? [pid 6504] <... futex resumed>) = ? [pid 6504] +++ exited with 0 +++ [pid 6503] <... futex resumed>) = ? [pid 6503] +++ exited with 0 +++ [pid 6502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6502, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./498", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 128.246316][ T6503] loop0: detected capacity change from 0 to 1024 umount2("./498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./498/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./498/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./498/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./498") = 0 mkdir("./499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6505 attached [pid 6505] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6505] chdir("./499" [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6505 [pid 6505] <... chdir resumed>) = 0 [pid 6505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6505] setpgid(0, 0) = 0 [pid 6505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6505] write(3, "1000", 4) = 4 [pid 6505] close(3) = 0 [pid 6505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6505] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6505] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6505] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6506], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6506 [pid 6505] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6506 attached [pid 6506] set_robust_list(0x7f546d3029e0, 24 [pid 6505] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6506] <... set_robust_list resumed>) = 0 [pid 6506] memfd_create("syzkaller", 0) = 3 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6506] munmap(0x7f5464ee2000, 524288) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6506] close(3) = 0 [pid 6506] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6506] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6506] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6506] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6506] ioctl(4, LOOP_CLR_FD) = 0 [pid 6506] close(4) = 0 [pid 6506] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = 0 [pid 6505] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6505] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6505] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6505] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6507], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6507 [pid 6505] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6505] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6506] <... futex resumed>) = 1 [pid 6506] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6507 attached [pid 6507] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6507] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6507] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6506] <... mknodat resumed>) = 0 [pid 6506] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6507] <... mount resumed>) = 0 [pid 6507] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6507] chdir(".") = 0 [pid 6507] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6505] <... futex resumed>) = 0 [pid 6505] exit_group(0) = ? [pid 6506] <... futex resumed>) = ? [pid 6507] +++ exited with 0 +++ [pid 6506] +++ exited with 0 +++ [pid 6505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6505, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./499", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./499/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./499/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./499/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 128.353334][ T6506] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./499/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./499/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./499/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./499") = 0 mkdir("./500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6508 ./strace-static-x86_64: Process 6508 attached [pid 6508] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6508] chdir("./500") = 0 [pid 6508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6508] setpgid(0, 0) = 0 [pid 6508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6508] write(3, "1000", 4) = 4 [pid 6508] close(3) = 0 [pid 6508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6508] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6508] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6508] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6509 attached , parent_tid=[6509], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6509 [pid 6508] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] set_robust_list(0x7f546d3029e0, 24 [pid 6508] <... futex resumed>) = 0 [pid 6509] <... set_robust_list resumed>) = 0 [pid 6508] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6509] memfd_create("syzkaller", 0) = 3 [pid 6509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6509] munmap(0x7f5464ee2000, 524288) = 0 [pid 6509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6509] close(3) = 0 [pid 6509] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6509] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6509] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6509] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6509] ioctl(4, LOOP_CLR_FD) = 0 [pid 6509] close(4) = 0 [pid 6509] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6509] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] <... futex resumed>) = 0 [pid 6508] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... futex resumed>) = 0 [pid 6508] <... futex resumed>) = 1 [pid 6509] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6508] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6508] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6508] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6510], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6510 [pid 6508] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6509] <... mknodat resumed>) = 0 [pid 6509] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6510 attached [pid 6510] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6510] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6510] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6510] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6510] chdir(".") = 0 [pid 6510] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6508] <... futex resumed>) = 0 [pid 6510] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] exit_group(0 [pid 6510] <... futex resumed>) = ? [pid 6509] <... futex resumed>) = ? [pid 6508] <... exit_group resumed>) = ? [pid 6509] +++ exited with 0 +++ [pid 6510] +++ exited with 0 +++ [pid 6508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6508, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./500", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 128.452591][ T6509] loop0: detected capacity change from 0 to 1024 umount2("./500/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./500/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./500/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./500/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./500/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./500/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./500") = 0 mkdir("./501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6511 ./strace-static-x86_64: Process 6511 attached [pid 6511] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6511] chdir("./501") = 0 [pid 6511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6511] setpgid(0, 0) = 0 [pid 6511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6511] write(3, "1000", 4) = 4 [pid 6511] close(3) = 0 [pid 6511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6511] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6511] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6511] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6512], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6512 [pid 6511] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6512 attached [pid 6512] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6512] memfd_create("syzkaller", 0) = 3 [pid 6512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6512] munmap(0x7f5464ee2000, 524288) = 0 [pid 6512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6512] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6512] close(3) = 0 [pid 6512] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6512] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6512] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6512] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6512] ioctl(4, LOOP_CLR_FD) = 0 [pid 6512] close(4) = 0 [pid 6512] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] <... futex resumed>) = 0 [pid 6511] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6511] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6511] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6513], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6513 [pid 6511] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6512] <... futex resumed>) = 1 [pid 6512] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6512] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6513 attached [pid 6513] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6513] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6513] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6513] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6513] chdir(".") = 0 [pid 6513] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6511] <... futex resumed>) = 0 [pid 6513] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6511] exit_group(0 [pid 6513] <... futex resumed>) = ? [pid 6511] <... exit_group resumed>) = ? [pid 6513] +++ exited with 0 +++ [pid 6512] <... futex resumed>) = ? [pid 6512] +++ exited with 0 +++ [pid 6511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6511, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./501/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./501/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./501/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./501/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 128.557389][ T6512] loop0: detected capacity change from 0 to 1024 umount2("./501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./501/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./501") = 0 mkdir("./502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6514 ./strace-static-x86_64: Process 6514 attached [pid 6514] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6514] chdir("./502") = 0 [pid 6514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6514] setpgid(0, 0) = 0 [pid 6514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6514] write(3, "1000", 4) = 4 [pid 6514] close(3) = 0 [pid 6514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6514] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6514] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6514] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6515 attached , parent_tid=[6515], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6515 [pid 6515] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6515] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6514] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6514] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6515] memfd_create("syzkaller", 0) = 3 [pid 6515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6515] munmap(0x7f5464ee2000, 524288) = 0 [pid 6515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6515] close(3) = 0 [pid 6515] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6515] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6515] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6515] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6515] ioctl(4, LOOP_CLR_FD) = 0 [pid 6515] close(4) = 0 [pid 6515] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... futex resumed>) = 0 [pid 6514] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6514] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6514] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6516], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6516 [pid 6514] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6515] <... futex resumed>) = 1 [pid 6515] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6516 attached [pid 6516] set_robust_list(0x7f5464f619e0, 24 [pid 6515] <... mknodat resumed>) = 0 [pid 6515] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] <... set_robust_list resumed>) = 0 [pid 6516] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6516] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6516] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6516] chdir(".") = 0 [pid 6516] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6514] <... futex resumed>) = 0 [pid 6516] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6514] exit_group(0 [pid 6515] <... futex resumed>) = ? [pid 6514] <... exit_group resumed>) = ? [pid 6515] +++ exited with 0 +++ [pid 6516] <... futex resumed>) = ? [pid 6516] +++ exited with 0 +++ [pid 6514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6514, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 128.661237][ T6515] loop0: detected capacity change from 0 to 1024 unlink("./502/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./502") = 0 mkdir("./503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6517 ./strace-static-x86_64: Process 6517 attached [pid 6517] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6517] chdir("./503") = 0 [pid 6517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6517] setpgid(0, 0) = 0 [pid 6517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6517] write(3, "1000", 4) = 4 [pid 6517] close(3) = 0 [pid 6517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6517] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6517] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6518 attached , parent_tid=[6518], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6518 [pid 6518] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6517] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6518] memfd_create("syzkaller", 0) = 3 [pid 6518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6518] munmap(0x7f5464ee2000, 524288) = 0 [pid 6518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6518] close(3) = 0 [pid 6518] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6518] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6518] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6518] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6518] ioctl(4, LOOP_CLR_FD) = 0 [pid 6518] close(4) = 0 [pid 6518] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6517] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6517] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6519], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6519 [pid 6517] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6519 attached ) = 0 [pid 6517] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6518] <... mknodat resumed>) = 0 [pid 6518] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6519] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6519] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6519] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6519] chdir(".") = 0 [pid 6519] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6519] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] exit_group(0 [pid 6518] <... futex resumed>) = ? [pid 6517] <... exit_group resumed>) = ? [pid 6518] +++ exited with 0 +++ [pid 6519] <... futex resumed>) = ? [pid 6519] +++ exited with 0 +++ [pid 6517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6517, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 128.755476][ T6518] loop0: detected capacity change from 0 to 1024 umount2("./503/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./503/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./503/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./503/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./503/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./503") = 0 mkdir("./504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6520 ./strace-static-x86_64: Process 6520 attached [pid 6520] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6520] chdir("./504") = 0 [pid 6520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6520] setpgid(0, 0) = 0 [pid 6520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6520] write(3, "1000", 4) = 4 [pid 6520] close(3) = 0 [pid 6520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6520] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6520] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6520] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6521 attached , parent_tid=[6521], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6521 [pid 6520] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6521] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6521] memfd_create("syzkaller", 0) = 3 [pid 6521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6521] munmap(0x7f5464ee2000, 524288) = 0 [pid 6521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6521] close(3) = 0 [pid 6521] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6521] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6521] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6521] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6521] ioctl(4, LOOP_CLR_FD) = 0 [pid 6521] close(4) = 0 [pid 6521] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6520] <... futex resumed>) = 0 [pid 6521] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6520] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6520] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6520] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6522], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6522 [pid 6520] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6521] <... mknodat resumed>) = 0 [pid 6521] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6522 attached [pid 6522] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6522] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6522] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6522] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6522] chdir(".") = 0 [pid 6522] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6520] <... futex resumed>) = 0 [pid 6522] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6520] exit_group(0 [pid 6522] <... futex resumed>) = ? [pid 6520] <... exit_group resumed>) = ? [pid 6522] +++ exited with 0 +++ [pid 6521] <... futex resumed>) = ? [pid 6521] +++ exited with 0 +++ [pid 6520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6520, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 128.871446][ T6521] loop0: detected capacity change from 0 to 1024 umount2("./504/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./504/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./504/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./504/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./504/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6523 attached [pid 6523] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6523] chdir("./505") = 0 [pid 6523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6523] setpgid(0, 0) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6523 [pid 6523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6523] write(3, "1000", 4) = 4 [pid 6523] close(3) = 0 [pid 6523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6523] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6523] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6523] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6524 attached , parent_tid=[6524], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6524 [pid 6524] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6523] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6524] memfd_create("syzkaller", 0) = 3 [pid 6524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6524] munmap(0x7f5464ee2000, 524288) = 0 [pid 6524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6524] close(3) = 0 [pid 6524] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6524] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6524] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6524] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6524] ioctl(4, LOOP_CLR_FD) = 0 [pid 6524] close(4) = 0 [pid 6524] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6523] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6523] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6523] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6525], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6525 [pid 6523] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6525 attached [pid 6523] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6524] <... futex resumed>) = 1 [pid 6525] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6524] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6525] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6525] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6524] <... mknodat resumed>) = 0 [pid 6524] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] <... mount resumed>) = 0 [pid 6525] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6525] chdir(".") = 0 [pid 6525] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6523] <... futex resumed>) = 0 [pid 6523] exit_group(0 [pid 6524] <... futex resumed>) = ? [pid 6523] <... exit_group resumed>) = ? [pid 6524] +++ exited with 0 +++ [pid 6525] +++ exited with 0 +++ [pid 6523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6523, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 128.975065][ T6524] loop0: detected capacity change from 0 to 1024 umount2("./505/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./505/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./505/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./505/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./505/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6526 ./strace-static-x86_64: Process 6526 attached [pid 6526] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6526] chdir("./506") = 0 [pid 6526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6526] setpgid(0, 0) = 0 [pid 6526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6526] write(3, "1000", 4) = 4 [pid 6526] close(3) = 0 [pid 6526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6526] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6526] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6526] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6527], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6527 [pid 6526] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6527 attached [pid 6527] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6527] memfd_create("syzkaller", 0) = 3 [pid 6527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6527] munmap(0x7f5464ee2000, 524288) = 0 [pid 6527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6527] close(3) = 0 [pid 6527] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6527] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6527] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6527] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6527] ioctl(4, LOOP_CLR_FD) = 0 [pid 6527] close(4) = 0 [pid 6527] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = 0 [pid 6527] <... futex resumed>) = 1 [pid 6526] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6526] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6526] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6528], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6528 [pid 6526] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6527] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6527] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6528 attached [pid 6528] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6528] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6528] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6528] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6528] chdir(".") = 0 [pid 6528] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6526] <... futex resumed>) = 0 [pid 6528] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6526] exit_group(0) = ? [pid 6528] <... futex resumed>) = ? [pid 6528] +++ exited with 0 +++ [pid 6527] <... futex resumed>) = ? [pid 6527] +++ exited with 0 +++ [pid 6526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6526, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./506/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./506/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./506/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 129.090752][ T6527] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./506/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./506/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6529 ./strace-static-x86_64: Process 6529 attached [pid 6529] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6529] chdir("./507") = 0 [pid 6529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6529] setpgid(0, 0) = 0 [pid 6529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6529] write(3, "1000", 4) = 4 [pid 6529] close(3) = 0 [pid 6529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6529] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6529] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6529] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6530 attached , parent_tid=[6530], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6530 [pid 6530] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6530] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6529] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6530] <... futex resumed>) = 0 [pid 6529] <... futex resumed>) = 1 [pid 6530] memfd_create("syzkaller", 0 [pid 6529] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6530] <... memfd_create resumed>) = 3 [pid 6530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6530] munmap(0x7f5464ee2000, 524288) = 0 [pid 6530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6530] close(3) = 0 [pid 6530] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6530] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6530] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6530] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6530] ioctl(4, LOOP_CLR_FD) = 0 [pid 6530] close(4) = 0 [pid 6530] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... futex resumed>) = 0 [pid 6530] <... futex resumed>) = 1 [pid 6529] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6529] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6529] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6530] <... mknodat resumed>) = 0 [pid 6529] <... mprotect resumed>) = 0 [pid 6529] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6531], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6531 [pid 6529] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6530] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6531 attached [pid 6531] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6531] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6531] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6531] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6531] chdir(".") = 0 [pid 6531] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6529] <... futex resumed>) = 0 [pid 6531] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6529] exit_group(0) = ? [pid 6531] <... futex resumed>) = ? [pid 6531] +++ exited with 0 +++ [pid 6530] <... futex resumed>) = ? [pid 6530] +++ exited with 0 +++ [pid 6529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6529, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./507/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./507/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./507/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./507/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./507/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 [ 129.193790][ T6530] loop0: detected capacity change from 0 to 1024 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6532 attached , child_tidptr=0x5555561b25d0) = 6532 [pid 6532] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6532] chdir("./508") = 0 [pid 6532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6532] setpgid(0, 0) = 0 [pid 6532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6532] write(3, "1000", 4) = 4 [pid 6532] close(3) = 0 [pid 6532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6532] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6532] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6532] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6533 attached , parent_tid=[6533], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6533 [pid 6532] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6532] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6533] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6533] memfd_create("syzkaller", 0) = 3 [pid 6533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6533] munmap(0x7f5464ee2000, 524288) = 0 [pid 6533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6533] close(3) = 0 [pid 6533] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6533] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6533] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6533] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6533] ioctl(4, LOOP_CLR_FD) = 0 [pid 6533] close(4) = 0 [pid 6533] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6533] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6532] <... futex resumed>) = 0 [pid 6532] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6533] <... futex resumed>) = 0 [pid 6533] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6532] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6532] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6532] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6534], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6534 [pid 6532] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6534 attached ) = 0 [pid 6532] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6533] <... mknodat resumed>) = 0 [pid 6533] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6534] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6534] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6534] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6534] chdir(".") = 0 [pid 6534] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6532] <... futex resumed>) = 0 [pid 6532] exit_group(0) = ? [pid 6533] <... futex resumed>) = ? [pid 6533] +++ exited with 0 +++ [pid 6534] +++ exited with 0 +++ [pid 6532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6532, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./508/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./508/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./508/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 129.291664][ T6533] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./508/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./508/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6535 ./strace-static-x86_64: Process 6535 attached [pid 6535] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6535] chdir("./509") = 0 [pid 6535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6535] setpgid(0, 0) = 0 [pid 6535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6535] write(3, "1000", 4) = 4 [pid 6535] close(3) = 0 [pid 6535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6535] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6535] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6535] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6536 attached , parent_tid=[6536], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6536 [pid 6536] set_robust_list(0x7f546d3029e0, 24 [pid 6535] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] <... set_robust_list resumed>) = 0 [pid 6535] <... futex resumed>) = 0 [pid 6536] memfd_create("syzkaller", 0 [pid 6535] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6536] <... memfd_create resumed>) = 3 [pid 6536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6536] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6536] munmap(0x7f5464ee2000, 524288) = 0 [pid 6536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6536] close(3) = 0 [pid 6536] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6536] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6536] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6536] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6536] ioctl(4, LOOP_CLR_FD) = 0 [pid 6536] close(4) = 0 [pid 6536] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] <... futex resumed>) = 0 [pid 6535] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6535] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6535] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6535] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6537], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6537 [pid 6535] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6536] <... futex resumed>) = 0 [pid 6536] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6536] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6537 attached [pid 6537] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6537] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6537] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6537] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6537] chdir(".") = 0 [pid 6537] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = 0 [pid 6535] exit_group(0) = ? [pid 6536] <... futex resumed>) = ? [pid 6536] +++ exited with 0 +++ [pid 6537] <... futex resumed>) = ? [pid 6537] +++ exited with 0 +++ [pid 6535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6535, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 129.398427][ T6536] loop0: detected capacity change from 0 to 1024 umount2("./509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./509/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./509/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6538 ./strace-static-x86_64: Process 6538 attached [pid 6538] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6538] chdir("./510") = 0 [pid 6538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6538] setpgid(0, 0) = 0 [pid 6538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6538] write(3, "1000", 4) = 4 [pid 6538] close(3) = 0 [pid 6538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6538] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6538] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6538] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6539 attached , parent_tid=[6539], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6539 [pid 6539] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6539] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6538] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6539] <... futex resumed>) = 0 [pid 6538] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6539] memfd_create("syzkaller", 0) = 3 [pid 6539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6539] munmap(0x7f5464ee2000, 524288) = 0 [pid 6539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6539] close(3) = 0 [pid 6539] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6539] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6539] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6539] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6539] ioctl(4, LOOP_CLR_FD) = 0 [pid 6539] close(4) = 0 [pid 6539] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6538] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6538] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6540], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6540 [pid 6538] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6540 attached [pid 6540] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6540] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6539] <... mknodat resumed>) = 0 [pid 6540] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6539] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] <... mount resumed>) = 0 [pid 6540] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6540] chdir(".") = 0 [pid 6540] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] <... futex resumed>) = 0 [pid 6540] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6538] exit_group(0) = ? [pid 6540] <... futex resumed>) = ? [pid 6539] <... futex resumed>) = ? [pid 6540] +++ exited with 0 +++ [pid 6539] +++ exited with 0 +++ [pid 6538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6538, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./510/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./510/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./510/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 129.515109][ T6539] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./510/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./510/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6541 attached , child_tidptr=0x5555561b25d0) = 6541 [pid 6541] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6541] chdir("./511") = 0 [pid 6541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6541] setpgid(0, 0) = 0 [pid 6541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6541] write(3, "1000", 4) = 4 [pid 6541] close(3) = 0 [pid 6541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6541] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6541] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6541] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6542], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6542 [pid 6541] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6542 attached [pid 6542] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6542] memfd_create("syzkaller", 0) = 3 [pid 6542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6542] munmap(0x7f5464ee2000, 524288) = 0 [pid 6542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6542] close(3) = 0 [pid 6542] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6542] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6542] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6542] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6542] ioctl(4, LOOP_CLR_FD) = 0 [pid 6542] close(4) = 0 [pid 6542] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6541] <... futex resumed>) = 0 [pid 6542] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6541] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6541] <... futex resumed>) = 0 [pid 6542] <... mknodat resumed>) = 0 [pid 6541] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] <... futex resumed>) = 0 [pid 6542] <... futex resumed>) = 0 [pid 6541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6542] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6541] <... mmap resumed>) = 0x7f5464f41000 [pid 6541] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6541] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6543 attached , parent_tid=[6543], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6543 [pid 6543] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6543] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6541] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] mkdir(".", 0777 [pid 6541] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6543] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6543] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6543] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6543] chdir(".") = 0 [pid 6543] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6541] <... futex resumed>) = 0 [pid 6541] exit_group(0 [pid 6542] <... futex resumed>) = ? [pid 6541] <... exit_group resumed>) = ? [pid 6542] +++ exited with 0 +++ [pid 6543] +++ exited with 0 +++ [pid 6541] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6541, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 129.623387][ T6542] loop0: detected capacity change from 0 to 1024 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./511/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./511/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./511/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./511/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./511/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6544 ./strace-static-x86_64: Process 6544 attached [pid 6544] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6544] chdir("./512") = 0 [pid 6544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6544] setpgid(0, 0) = 0 [pid 6544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6544] write(3, "1000", 4) = 4 [pid 6544] close(3) = 0 [pid 6544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6544] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6544] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6544] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6545 attached , parent_tid=[6545], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6545 [pid 6545] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6545] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6544] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6544] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6545] memfd_create("syzkaller", 0) = 3 [pid 6545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6545] munmap(0x7f5464ee2000, 524288) = 0 [pid 6545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6545] close(3) = 0 [pid 6545] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6545] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6545] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6545] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6545] ioctl(4, LOOP_CLR_FD) = 0 [pid 6545] close(4) = 0 [pid 6545] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = 0 [pid 6544] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6544] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6544] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6546], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6546 [pid 6544] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6545] <... futex resumed>) = 1 [pid 6545] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6546 attached [pid 6546] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6546] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6546] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6545] <... mknodat resumed>) = 0 [pid 6545] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6546] <... mount resumed>) = 0 [pid 6546] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6546] chdir(".") = 0 [pid 6546] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6544] <... futex resumed>) = 0 [pid 6544] exit_group(0) = ? [ 129.749095][ T6545] loop0: detected capacity change from 0 to 1024 [pid 6545] <... futex resumed>) = ? [pid 6546] +++ exited with 0 +++ [pid 6545] +++ exited with 0 +++ [pid 6544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6544, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./512/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./512/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6547 ./strace-static-x86_64: Process 6547 attached [pid 6547] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6547] chdir("./513") = 0 [pid 6547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6547] setpgid(0, 0) = 0 [pid 6547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6547] write(3, "1000", 4) = 4 [pid 6547] close(3) = 0 [pid 6547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6547] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6547] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6547] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6548 attached , parent_tid=[6548], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6548 [pid 6548] set_robust_list(0x7f546d3029e0, 24 [pid 6547] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] <... set_robust_list resumed>) = 0 [pid 6547] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6548] memfd_create("syzkaller", 0) = 3 [pid 6548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6548] munmap(0x7f5464ee2000, 524288) = 0 [pid 6548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6548] close(3) = 0 [pid 6548] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6548] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6548] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6548] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6548] ioctl(4, LOOP_CLR_FD) = 0 [pid 6548] close(4) = 0 [pid 6548] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6547] <... futex resumed>) = 0 [pid 6548] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6547] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6547] <... futex resumed>) = 0 [pid 6548] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6547] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6548] <... mknodat resumed>) = 0 [pid 6547] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6548] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] <... mprotect resumed>) = 0 [pid 6548] <... futex resumed>) = 0 [pid 6547] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6548] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6549 attached [pid 6549] set_robust_list(0x7f5464f619e0, 24 [pid 6547] <... clone resumed>, parent_tid=[6549], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6549 [pid 6549] <... set_robust_list resumed>) = 0 [pid 6547] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] mkdir(".", 0777 [pid 6547] <... futex resumed>) = 0 [pid 6549] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6547] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6549] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6549] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6549] chdir(".") = 0 [pid 6549] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6547] <... futex resumed>) = 0 [pid 6549] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6547] exit_group(0 [pid 6548] <... futex resumed>) = ? [pid 6547] <... exit_group resumed>) = ? [pid 6548] +++ exited with 0 +++ [pid 6549] <... futex resumed>) = ? [pid 6549] +++ exited with 0 +++ [pid 6547] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6547, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 129.883361][ T6548] loop0: detected capacity change from 0 to 1024 umount2("./513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./513/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6550 ./strace-static-x86_64: Process 6550 attached [pid 6550] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6550] chdir("./514") = 0 [pid 6550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6550] setpgid(0, 0) = 0 [pid 6550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6550] write(3, "1000", 4) = 4 [pid 6550] close(3) = 0 [pid 6550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6550] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6550] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6550] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6551], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6551 [pid 6550] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6551 attached [pid 6551] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6551] memfd_create("syzkaller", 0) = 3 [pid 6551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6551] munmap(0x7f5464ee2000, 524288) = 0 [pid 6551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6551] close(3) = 0 [pid 6551] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6551] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6551] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6551] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6551] ioctl(4, LOOP_CLR_FD) = 0 [pid 6551] close(4) = 0 [pid 6551] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... futex resumed>) = 0 [pid 6550] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6550] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6550] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6552], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6552 [pid 6550] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6551] <... futex resumed>) = 1 [pid 6551] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6551] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6552 attached [pid 6552] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6552] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6552] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6552] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6552] chdir(".") = 0 [pid 6552] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... futex resumed>) = 0 [pid 6550] exit_group(0) = ? [pid 6551] <... futex resumed>) = ? [pid 6551] +++ exited with 0 +++ [pid 6552] <... futex resumed>) = ? [pid 6552] +++ exited with 0 +++ [pid 6550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6550, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./514/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./514/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./514/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./514/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./514/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6553 ./strace-static-x86_64: Process 6553 attached [pid 6553] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6553] chdir("./515") = 0 [pid 6553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6553] setpgid(0, 0) = 0 [pid 6553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6553] write(3, "1000", 4) = 4 [pid 6553] close(3) = 0 [pid 6553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6553] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6553] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6553] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6554], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6554 [pid 6553] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.983053][ T6551] loop0: detected capacity change from 0 to 1024 [pid 6553] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6554 attached [pid 6554] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6554] memfd_create("syzkaller", 0) = 3 [pid 6554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6554] munmap(0x7f5464ee2000, 524288) = 0 [pid 6554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6554] close(3) = 0 [pid 6554] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6554] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6554] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6554] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6554] ioctl(4, LOOP_CLR_FD) = 0 [pid 6554] close(4) = 0 [pid 6554] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] <... futex resumed>) = 0 [pid 6553] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6553] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6553] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6555], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6555 [pid 6553] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6554] <... futex resumed>) = 1 [pid 6554] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6555 attached ) = 0 [pid 6554] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6555] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6555] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6555] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6555] chdir(".") = 0 [pid 6555] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] <... futex resumed>) = 0 [pid 6553] exit_group(0 [pid 6554] <... futex resumed>) = ? [pid 6553] <... exit_group resumed>) = ? [pid 6554] +++ exited with 0 +++ [pid 6555] <... futex resumed>) = ? [pid 6555] +++ exited with 0 +++ [pid 6553] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6553, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 130.062887][ T6554] loop0: detected capacity change from 0 to 1024 umount2("./515/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./515/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./515/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./515/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./515/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6556 attached , child_tidptr=0x5555561b25d0) = 6556 [pid 6556] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6556] chdir("./516") = 0 [pid 6556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6556] setpgid(0, 0) = 0 [pid 6556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6556] write(3, "1000", 4) = 4 [pid 6556] close(3) = 0 [pid 6556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6556] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6556] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6556] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6557], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6557 ./strace-static-x86_64: Process 6557 attached [pid 6557] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6557] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6556] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [pid 6556] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6557] memfd_create("syzkaller", 0) = 3 [pid 6557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6557] munmap(0x7f5464ee2000, 524288) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6557] close(3) = 0 [pid 6557] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6557] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6557] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6557] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6557] ioctl(4, LOOP_CLR_FD) = 0 [pid 6557] close(4) = 0 [pid 6557] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] <... futex resumed>) = 0 [pid 6556] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6556] <... futex resumed>) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6556] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6556] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6558], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6558 [pid 6556] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6558 attached [pid 6558] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6558] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6558] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6557] <... mknodat resumed>) = 0 [pid 6557] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] <... mount resumed>) = 0 [pid 6558] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6558] chdir(".") = 0 [pid 6558] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] <... futex resumed>) = 0 [pid 6558] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6556] exit_group(0) = ? [pid 6558] <... futex resumed>) = ? [pid 6557] <... futex resumed>) = ? [pid 6558] +++ exited with 0 +++ [pid 6557] +++ exited with 0 +++ [pid 6556] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6556, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 130.188978][ T6557] loop0: detected capacity change from 0 to 1024 umount2("./516/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./516/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./516/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./516/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6559 ./strace-static-x86_64: Process 6559 attached [pid 6559] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6559] chdir("./517") = 0 [pid 6559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6559] setpgid(0, 0) = 0 [pid 6559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6559] write(3, "1000", 4) = 4 [pid 6559] close(3) = 0 [pid 6559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6559] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6559] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6559] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6560 attached , parent_tid=[6560], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6560 [pid 6560] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6560] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6559] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6560] <... futex resumed>) = 0 [pid 6559] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6560] memfd_create("syzkaller", 0) = 3 [pid 6560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6560] munmap(0x7f5464ee2000, 524288) = 0 [pid 6560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6560] close(3) = 0 [pid 6560] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6560] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6560] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6560] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6560] ioctl(4, LOOP_CLR_FD) = 0 [pid 6560] close(4) = 0 [pid 6560] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] <... futex resumed>) = 0 [pid 6560] <... futex resumed>) = 1 [pid 6559] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6560] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6559] <... futex resumed>) = 0 [pid 6559] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6559] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6559] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6561], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6561 [pid 6559] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6560] <... mknodat resumed>) = 0 [pid 6560] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6560] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6561 attached [pid 6561] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6561] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6561] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6561] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6561] chdir(".") = 0 [pid 6561] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6559] <... futex resumed>) = 0 [pid 6561] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6559] exit_group(0 [pid 6561] <... futex resumed>) = ? [pid 6560] <... futex resumed>) = ? [pid 6559] <... exit_group resumed>) = ? [pid 6561] +++ exited with 0 +++ [pid 6560] +++ exited with 0 +++ [pid 6559] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6559, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./517/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./517/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.314887][ T6560] loop0: detected capacity change from 0 to 1024 lstat("./517/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./517/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./517/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./517/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6562 ./strace-static-x86_64: Process 6562 attached [pid 6562] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6562] chdir("./518") = 0 [pid 6562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6562] setpgid(0, 0) = 0 [pid 6562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6562] write(3, "1000", 4) = 4 [pid 6562] close(3) = 0 [pid 6562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6562] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6562] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6562] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6563 attached , parent_tid=[6563], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6563 [pid 6563] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6563] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6562] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6563] <... futex resumed>) = 0 [pid 6562] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6563] memfd_create("syzkaller", 0) = 3 [pid 6563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6563] munmap(0x7f5464ee2000, 524288) = 0 [pid 6563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6563] close(3) = 0 [pid 6563] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6563] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6563] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6563] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6563] ioctl(4, LOOP_CLR_FD) = 0 [pid 6563] close(4) = 0 [pid 6563] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = 0 [pid 6562] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6562] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6562] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6564], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6564 [pid 6562] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6563] <... futex resumed>) = 1 [pid 6563] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6564 attached [pid 6564] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6564] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6564] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6563] <... mknodat resumed>) = 0 [pid 6563] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] <... mount resumed>) = 0 [pid 6564] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6564] chdir(".") = 0 [pid 6564] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = 0 [pid 6562] exit_group(0 [pid 6563] <... futex resumed>) = ? [pid 6562] <... exit_group resumed>) = ? [pid 6563] +++ exited with 0 +++ [pid 6564] <... futex resumed>) = ? [pid 6564] +++ exited with 0 +++ [pid 6562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6562, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./518/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./518/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./518/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 130.415339][ T6563] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./518/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./518/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6565 ./strace-static-x86_64: Process 6565 attached [pid 6565] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6565] chdir("./519") = 0 [pid 6565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6565] setpgid(0, 0) = 0 [pid 6565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6565] write(3, "1000", 4) = 4 [pid 6565] close(3) = 0 [pid 6565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6565] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6565] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6565] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6566 attached , parent_tid=[6566], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6566 [pid 6566] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6566] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] <... futex resumed>) = 0 [pid 6565] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6566] memfd_create("syzkaller", 0) = 3 [pid 6566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6566] munmap(0x7f5464ee2000, 524288) = 0 [pid 6566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6566] close(3) = 0 [pid 6566] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6566] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6566] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6566] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6566] ioctl(4, LOOP_CLR_FD) = 0 [pid 6566] close(4) = 0 [pid 6566] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... futex resumed>) = 0 [pid 6565] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6565] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6565] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6567], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6567 [pid 6565] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6566] <... futex resumed>) = 1 [pid 6566] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6566] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6567 attached [pid 6567] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6567] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6567] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6567] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6567] chdir(".") = 0 [pid 6567] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... futex resumed>) = 0 [pid 6565] exit_group(0 [pid 6566] <... futex resumed>) = ? [pid 6565] <... exit_group resumed>) = ? [pid 6566] +++ exited with 0 +++ [pid 6567] <... futex resumed>) = ? [pid 6567] +++ exited with 0 +++ [pid 6565] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6565, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./519/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./519/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./519/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 130.518117][ T6566] loop0: detected capacity change from 0 to 1024 rmdir("./519/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./519/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6568 ./strace-static-x86_64: Process 6568 attached [pid 6568] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6568] chdir("./520") = 0 [pid 6568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6568] setpgid(0, 0) = 0 [pid 6568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6568] write(3, "1000", 4) = 4 [pid 6568] close(3) = 0 [pid 6568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6568] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6568] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6568] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6569], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6569 [pid 6568] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6569 attached [pid 6569] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6569] memfd_create("syzkaller", 0) = 3 [pid 6569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6569] munmap(0x7f5464ee2000, 524288) = 0 [pid 6569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6569] close(3) = 0 [pid 6569] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6569] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6569] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6569] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6569] ioctl(4, LOOP_CLR_FD) = 0 [pid 6569] close(4) = 0 [pid 6569] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] <... futex resumed>) = 0 [pid 6568] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6568] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6568] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6570], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6570 [pid 6568] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6569] <... futex resumed>) = 1 [pid 6569] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6570 attached [pid 6570] set_robust_list(0x7f5464f619e0, 24 [pid 6569] <... mknodat resumed>) = 0 [pid 6569] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6570] <... set_robust_list resumed>) = 0 [pid 6570] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6570] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6570] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6570] chdir(".") = 0 [pid 6570] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] <... futex resumed>) = 0 [pid 6568] exit_group(0) = ? [pid 6569] <... futex resumed>) = ? [pid 6569] +++ exited with 0 +++ [pid 6570] <... futex resumed>) = ? [pid 6570] +++ exited with 0 +++ [pid 6568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6568, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./520/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6571 ./strace-static-x86_64: Process 6571 attached [pid 6571] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6571] chdir("./521") = 0 [pid 6571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6571] setpgid(0, 0) = 0 [pid 6571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6571] write(3, "1000", 4) = 4 [pid 6571] close(3) = 0 [pid 6571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6571] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6571] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6571] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6572], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6572 [pid 6571] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.605425][ T6569] loop0: detected capacity change from 0 to 1024 [pid 6571] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6572 attached [pid 6572] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6572] memfd_create("syzkaller", 0) = 3 [pid 6572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6572] munmap(0x7f5464ee2000, 524288) = 0 [pid 6572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6572] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6572] close(3) = 0 [pid 6572] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6572] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6572] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6572] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6572] ioctl(4, LOOP_CLR_FD) = 0 [pid 6572] close(4) = 0 [pid 6572] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6571] <... futex resumed>) = 0 [pid 6571] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6571] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6571] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6573], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6573 [pid 6571] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6572] <... futex resumed>) = 1 [pid 6572] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6572] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6573 attached [pid 6573] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6573] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6573] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6573] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6573] chdir(".") = 0 [pid 6573] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6571] <... futex resumed>) = 0 [pid 6573] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6571] exit_group(0 [pid 6573] <... futex resumed>) = ? [pid 6572] <... futex resumed>) = ? [pid 6571] <... exit_group resumed>) = ? [pid 6573] +++ exited with 0 +++ [pid 6572] +++ exited with 0 +++ [pid 6571] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6571, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./521/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./521/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 130.683302][ T6572] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./521/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6574 ./strace-static-x86_64: Process 6574 attached [pid 6574] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6574] chdir("./522") = 0 [pid 6574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6574] setpgid(0, 0) = 0 [pid 6574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6574] write(3, "1000", 4) = 4 [pid 6574] close(3) = 0 [pid 6574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6574] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6574] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6574] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6575], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6575 ./strace-static-x86_64: Process 6575 attached [pid 6575] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6575] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6575] <... futex resumed>) = 0 [pid 6574] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6575] memfd_create("syzkaller", 0) = 3 [pid 6575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6575] munmap(0x7f5464ee2000, 524288) = 0 [pid 6575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6575] close(3) = 0 [pid 6575] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6575] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6575] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6575] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6575] ioctl(4, LOOP_CLR_FD) = 0 [pid 6575] close(4) = 0 [pid 6575] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6574] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6575] <... futex resumed>) = 1 [pid 6574] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6575] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6574] <... clone resumed>, parent_tid=[6576], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6576 [pid 6574] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6576 attached [pid 6576] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6576] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6576] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6575] <... mknodat resumed>) = 0 [pid 6575] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... mount resumed>) = 0 [pid 6576] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6576] chdir(".") = 0 [pid 6576] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6576] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] exit_group(0 [pid 6576] <... futex resumed>) = ? [pid 6575] <... futex resumed>) = ? [pid 6574] <... exit_group resumed>) = ? [pid 6575] +++ exited with 0 +++ [pid 6576] +++ exited with 0 +++ [pid 6574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6574, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./522/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./522/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 130.796219][ T6575] loop0: detected capacity change from 0 to 1024 rmdir("./522/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./522/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6577 ./strace-static-x86_64: Process 6577 attached [pid 6577] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6577] chdir("./523") = 0 [pid 6577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6577] setpgid(0, 0) = 0 [pid 6577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6577] write(3, "1000", 4) = 4 [pid 6577] close(3) = 0 [pid 6577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6577] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6577] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6577] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6578 attached , parent_tid=[6578], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6578 [pid 6577] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6578] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6578] memfd_create("syzkaller", 0) = 3 [pid 6578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6578] munmap(0x7f5464ee2000, 524288) = 0 [pid 6578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6578] close(3) = 0 [pid 6578] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6578] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6578] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6578] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6578] ioctl(4, LOOP_CLR_FD) = 0 [pid 6578] close(4) = 0 [pid 6578] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6578] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6577] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6577] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6577] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6579], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6579 [pid 6578] <... mknodat resumed>) = 0 [pid 6577] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6579 attached [pid 6579] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6579] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6579] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6578] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] <... mount resumed>) = 0 [pid 6579] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6579] chdir(".") = 0 [pid 6579] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = 0 [pid 6577] exit_group(0) = ? [pid 6578] <... futex resumed>) = ? [pid 6579] <... futex resumed>) = ? [pid 6579] +++ exited with 0 +++ [pid 6578] +++ exited with 0 +++ [pid 6577] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6577, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./523/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./523/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 130.899213][ T6578] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./523/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6580 attached , child_tidptr=0x5555561b25d0) = 6580 [pid 6580] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6580] chdir("./524") = 0 [pid 6580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6580] setpgid(0, 0) = 0 [pid 6580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6580] write(3, "1000", 4) = 4 [pid 6580] close(3) = 0 [pid 6580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6580] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6580] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6580] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6581], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6581 [pid 6580] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6581 attached [pid 6581] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6581] memfd_create("syzkaller", 0) = 3 [pid 6581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6581] munmap(0x7f5464ee2000, 524288) = 0 [pid 6581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6581] close(3) = 0 [pid 6581] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6581] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6581] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6581] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6581] ioctl(4, LOOP_CLR_FD) = 0 [pid 6581] close(4) = 0 [pid 6581] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6580] <... futex resumed>) = 0 [pid 6580] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6580] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6580] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6580] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6582], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6582 [pid 6580] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6581] <... mknodat resumed>) = 0 [pid 6581] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6582 attached [pid 6582] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6582] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6582] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6582] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6582] chdir(".") = 0 [pid 6582] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6580] <... futex resumed>) = 0 [pid 6582] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] exit_group(0 [pid 6582] <... futex resumed>) = ? [pid 6580] <... exit_group resumed>) = ? [pid 6582] +++ exited with 0 +++ [pid 6581] <... futex resumed>) = ? [pid 6581] +++ exited with 0 +++ [pid 6580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6580, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./524/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 131.003301][ T6581] loop0: detected capacity change from 0 to 1024 umount2("./524/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./524/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./524/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6583 ./strace-static-x86_64: Process 6583 attached [pid 6583] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6583] chdir("./525") = 0 [pid 6583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6583] setpgid(0, 0) = 0 [pid 6583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6583] write(3, "1000", 4) = 4 [pid 6583] close(3) = 0 [pid 6583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6583] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6583] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6583] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6584 attached , parent_tid=[6584], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6584 [pid 6584] set_robust_list(0x7f546d3029e0, 24 [pid 6583] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] <... set_robust_list resumed>) = 0 [pid 6583] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6584] memfd_create("syzkaller", 0) = 3 [pid 6584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6584] munmap(0x7f5464ee2000, 524288) = 0 [pid 6584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6584] close(3) = 0 [pid 6584] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6584] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6584] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6584] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6584] ioctl(4, LOOP_CLR_FD) = 0 [pid 6584] close(4) = 0 [pid 6584] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] <... futex resumed>) = 0 [pid 6583] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6583] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6583] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6585], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6585 [pid 6583] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6584] <... futex resumed>) = 1 [pid 6584] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6584] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6585 attached [pid 6585] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6585] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6585] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6585] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6585] chdir(".") = 0 [pid 6585] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] <... futex resumed>) = 0 [pid 6583] exit_group(0 [pid 6584] <... futex resumed>) = ? [pid 6583] <... exit_group resumed>) = ? [pid 6584] +++ exited with 0 +++ [pid 6585] <... futex resumed>) = ? [pid 6585] +++ exited with 0 +++ [pid 6583] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6583, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./525/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./525/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./525/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 131.127546][ T6584] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6586 ./strace-static-x86_64: Process 6586 attached [pid 6586] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6586] chdir("./526") = 0 [pid 6586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6586] setpgid(0, 0) = 0 [pid 6586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6586] write(3, "1000", 4) = 4 [pid 6586] close(3) = 0 [pid 6586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6586] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6586] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6586] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6587 attached , parent_tid=[6587], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6587 [pid 6587] set_robust_list(0x7f546d3029e0, 24 [pid 6586] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6587] <... set_robust_list resumed>) = 0 [pid 6586] <... futex resumed>) = 0 [pid 6586] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6587] memfd_create("syzkaller", 0) = 3 [pid 6587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6587] munmap(0x7f5464ee2000, 524288) = 0 [pid 6587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6587] close(3) = 0 [pid 6587] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6587] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6587] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6587] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6587] ioctl(4, LOOP_CLR_FD) = 0 [pid 6587] close(4) = 0 [pid 6587] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6586] <... futex resumed>) = 0 [pid 6586] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6587] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6586] <... mmap resumed>) = 0x7f5464f41000 [pid 6586] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6586] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6588], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6588 [pid 6586] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6588 attached [pid 6588] set_robust_list(0x7f5464f619e0, 24 [pid 6587] <... mknodat resumed>) = 0 [pid 6587] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] <... set_robust_list resumed>) = 0 [pid 6588] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6588] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6588] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6588] chdir(".") = 0 [pid 6588] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6586] <... futex resumed>) = 0 [pid 6586] exit_group(0) = ? [pid 6587] <... futex resumed>) = ? [pid 6587] +++ exited with 0 +++ [pid 6588] +++ exited with 0 +++ [pid 6586] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6586, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./526/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./526/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./526/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 131.221838][ T6587] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6589 ./strace-static-x86_64: Process 6589 attached [pid 6589] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6589] chdir("./527") = 0 [pid 6589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6589] setpgid(0, 0) = 0 [pid 6589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6589] write(3, "1000", 4) = 4 [pid 6589] close(3) = 0 [pid 6589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6589] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6589] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6589] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6590], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6590 [pid 6589] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6590 attached [pid 6590] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6590] memfd_create("syzkaller", 0) = 3 [pid 6590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6590] munmap(0x7f5464ee2000, 524288) = 0 [pid 6590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6590] close(3) = 0 [pid 6590] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6590] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6590] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6590] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6590] ioctl(4, LOOP_CLR_FD) = 0 [pid 6590] close(4) = 0 [pid 6590] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... futex resumed>) = 0 [pid 6589] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6589] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6589] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6591], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6591 [pid 6589] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6590] <... futex resumed>) = 1 [pid 6590] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6590] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6591 attached [pid 6591] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6591] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6591] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6591] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6591] chdir(".") = 0 [pid 6591] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6589] <... futex resumed>) = 0 [pid 6589] exit_group(0) = ? [pid 6590] <... futex resumed>) = ? [pid 6590] +++ exited with 0 +++ [pid 6591] +++ exited with 0 +++ [pid 6589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6589, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./527/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./527/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 131.309685][ T6590] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./527/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6592 ./strace-static-x86_64: Process 6592 attached [pid 6592] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6592] chdir("./528") = 0 [pid 6592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6592] setpgid(0, 0) = 0 [pid 6592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6592] write(3, "1000", 4) = 4 [pid 6592] close(3) = 0 [pid 6592] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6592] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6592] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6592] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6593 attached , parent_tid=[6593], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6593 [pid 6592] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6593] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6593] memfd_create("syzkaller", 0) = 3 [pid 6593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6593] munmap(0x7f5464ee2000, 524288) = 0 [pid 6593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6593] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6593] close(3) = 0 [pid 6593] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6593] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6593] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6593] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6593] ioctl(4, LOOP_CLR_FD) = 0 [pid 6593] close(4) = 0 [pid 6593] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6592] <... futex resumed>) = 0 [pid 6593] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6592] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6592] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6592] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6593] <... mknodat resumed>) = 0 [pid 6592] <... clone resumed>, parent_tid=[6594], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6594 [pid 6592] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6592] <... futex resumed>) = 0 [pid 6592] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6594 attached [pid 6594] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6594] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6594] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6594] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6594] chdir(".") = 0 [pid 6594] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6592] <... futex resumed>) = 0 [pid 6594] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6592] exit_group(0 [pid 6594] <... futex resumed>) = ? [pid 6592] <... exit_group resumed>) = ? [pid 6594] +++ exited with 0 +++ [pid 6593] <... futex resumed>) = ? [pid 6593] +++ exited with 0 +++ [pid 6592] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6592, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 131.406548][ T6593] loop0: detected capacity change from 0 to 1024 umount2("./528/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./528/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./528/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6595 attached , child_tidptr=0x5555561b25d0) = 6595 [pid 6595] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6595] chdir("./529") = 0 [pid 6595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6595] setpgid(0, 0) = 0 [pid 6595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6595] write(3, "1000", 4) = 4 [pid 6595] close(3) = 0 [pid 6595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6595] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6595] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6595] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6596], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6596 ./strace-static-x86_64: Process 6596 attached [pid 6596] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6596] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6595] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6595] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6596] memfd_create("syzkaller", 0) = 3 [pid 6596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6596] munmap(0x7f5464ee2000, 524288) = 0 [pid 6596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6596] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6596] close(3) = 0 [pid 6596] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6596] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6596] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6596] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6596] ioctl(4, LOOP_CLR_FD) = 0 [pid 6596] close(4) = 0 [pid 6596] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6595] <... futex resumed>) = 0 [pid 6596] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6595] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] <... mknodat resumed>) = 0 [pid 6595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6596] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6596] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6595] <... mprotect resumed>) = 0 [pid 6595] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6597 attached [pid 6597] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6595] <... clone resumed>, parent_tid=[6597], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6597 [pid 6595] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6597] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6597] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6597] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6597] chdir(".") = 0 [pid 6597] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6595] <... futex resumed>) = 0 [pid 6597] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6595] exit_group(0 [pid 6597] <... futex resumed>) = ? [pid 6596] <... futex resumed>) = ? [pid 6595] <... exit_group resumed>) = ? [pid 6596] +++ exited with 0 +++ [pid 6597] +++ exited with 0 +++ [pid 6595] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6595, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 131.525451][ T6596] loop0: detected capacity change from 0 to 1024 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./529/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./529/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./529/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6598 ./strace-static-x86_64: Process 6598 attached [pid 6598] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6598] chdir("./530") = 0 [pid 6598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6598] setpgid(0, 0) = 0 [pid 6598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6598] write(3, "1000", 4) = 4 [pid 6598] close(3) = 0 [pid 6598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6598] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6598] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6598] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6599], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6599 ./strace-static-x86_64: Process 6599 attached [pid 6599] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6599] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6598] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6599] <... futex resumed>) = 0 [pid 6598] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6599] memfd_create("syzkaller", 0) = 3 [pid 6599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6599] munmap(0x7f5464ee2000, 524288) = 0 [pid 6599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6599] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6599] close(3) = 0 [pid 6599] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6599] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6599] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6599] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6599] ioctl(4, LOOP_CLR_FD) = 0 [pid 6599] close(4) = 0 [pid 6599] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = 0 [pid 6598] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6598] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6598] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6600], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6600 [pid 6598] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6599] <... futex resumed>) = 1 [pid 6599] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6600 attached [pid 6600] set_robust_list(0x7f5464f619e0, 24 [pid 6599] <... mknodat resumed>) = 0 [pid 6599] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] <... set_robust_list resumed>) = 0 [pid 6600] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6600] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6600] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6600] chdir(".") = 0 [pid 6600] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = 0 [pid 6598] exit_group(0) = ? [pid 6600] <... futex resumed>) = ? [pid 6599] <... futex resumed>) = ? [pid 6600] +++ exited with 0 +++ [pid 6599] +++ exited with 0 +++ [pid 6598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6598, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 131.661403][ T6599] loop0: detected capacity change from 0 to 1024 umount2("./530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./530/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6601 ./strace-static-x86_64: Process 6601 attached [pid 6601] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6601] chdir("./531") = 0 [pid 6601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6601] setpgid(0, 0) = 0 [pid 6601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6601] write(3, "1000", 4) = 4 [pid 6601] close(3) = 0 [pid 6601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6601] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6601] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6601] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6602], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6602 [pid 6601] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6602 attached [pid 6602] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6602] memfd_create("syzkaller", 0) = 3 [pid 6602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6602] munmap(0x7f5464ee2000, 524288) = 0 [pid 6602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6602] close(3) = 0 [pid 6602] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6602] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6602] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6602] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6602] ioctl(4, LOOP_CLR_FD) = 0 [pid 6602] close(4) = 0 [pid 6602] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... futex resumed>) = 0 [pid 6602] <... futex resumed>) = 1 [pid 6601] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6601] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6601] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6603], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6603 [pid 6601] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6602] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 ./strace-static-x86_64: Process 6603 attached [pid 6602] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6603] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6603] mkdir(".", 0777 [pid 6602] <... futex resumed>) = 0 [pid 6603] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6603] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6602] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] <... mount resumed>) = 0 [pid 6603] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6603] chdir(".") = 0 [pid 6603] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6603] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6601] exit_group(0 [pid 6603] <... futex resumed>) = ? [pid 6602] <... futex resumed>) = ? [pid 6601] <... exit_group resumed>) = ? [pid 6603] +++ exited with 0 +++ [pid 6602] +++ exited with 0 +++ [pid 6601] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6601, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./531/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./531/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 131.777666][ T6602] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./531/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6604 ./strace-static-x86_64: Process 6604 attached [pid 6604] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6604] chdir("./532") = 0 [pid 6604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6604] setpgid(0, 0) = 0 [pid 6604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6604] write(3, "1000", 4) = 4 [pid 6604] close(3) = 0 [pid 6604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6604] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6604] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6604] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6605], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6605 ./strace-static-x86_64: Process 6605 attached [pid 6604] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6605] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6604] <... futex resumed>) = 0 [pid 6604] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6605] memfd_create("syzkaller", 0) = 3 [pid 6605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6605] munmap(0x7f5464ee2000, 524288) = 0 [pid 6605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6605] close(3) = 0 [pid 6605] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6605] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6605] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6605] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6605] ioctl(4, LOOP_CLR_FD) = 0 [pid 6605] close(4) = 0 [pid 6605] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6604] <... futex resumed>) = 0 [pid 6605] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6604] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6604] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6604] <... futex resumed>) = 0 [pid 6605] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6604] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6604] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6606], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6606 [pid 6604] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6604] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6606 attached [pid 6606] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6606] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6606] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6605] <... mknodat resumed>) = 0 [pid 6605] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6605] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... mount resumed>) = 0 [pid 6606] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6606] chdir(".") = 0 [pid 6606] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6604] <... futex resumed>) = 0 [pid 6606] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6604] exit_group(0 [pid 6605] <... futex resumed>) = ? [pid 6604] <... exit_group resumed>) = ? [pid 6606] <... futex resumed>) = ? [pid 6605] +++ exited with 0 +++ [pid 6606] +++ exited with 0 +++ [pid 6604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6604, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 131.878668][ T6605] loop0: detected capacity change from 0 to 1024 rmdir("./532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./532/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6607 ./strace-static-x86_64: Process 6607 attached [pid 6607] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6607] chdir("./533") = 0 [pid 6607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6607] setpgid(0, 0) = 0 [pid 6607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6607] write(3, "1000", 4) = 4 [pid 6607] close(3) = 0 [pid 6607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6607] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6607] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6607] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6608 attached , parent_tid=[6608], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6608 [pid 6608] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6608] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6607] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] <... futex resumed>) = 0 [pid 6608] memfd_create("syzkaller", 0 [pid 6607] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6608] <... memfd_create resumed>) = 3 [pid 6608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6608] munmap(0x7f5464ee2000, 524288) = 0 [pid 6608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6608] close(3) = 0 [pid 6608] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6608] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6608] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6608] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6608] ioctl(4, LOOP_CLR_FD) = 0 [pid 6608] close(4) = 0 [pid 6608] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = 0 [pid 6607] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6607] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6607] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6609], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6609 [pid 6607] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6608] <... futex resumed>) = 1 [pid 6608] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6608] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6609 attached [pid 6609] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6609] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6609] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6609] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6609] chdir(".") = 0 [pid 6609] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = 0 [pid 6607] exit_group(0) = ? [pid 6608] <... futex resumed>) = ? [pid 6608] +++ exited with 0 +++ [pid 6609] <... futex resumed>) = ? [pid 6609] +++ exited with 0 +++ [pid 6607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6607, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 131.968848][ T6608] loop0: detected capacity change from 0 to 1024 umount2("./533/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./533/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./533/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6610 ./strace-static-x86_64: Process 6610 attached [pid 6610] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6610] chdir("./534") = 0 [pid 6610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6610] setpgid(0, 0) = 0 [pid 6610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6610] write(3, "1000", 4) = 4 [pid 6610] close(3) = 0 [pid 6610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6610] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6610] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6610] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6611 attached , parent_tid=[6611], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6611 [pid 6610] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6611] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6611] memfd_create("syzkaller", 0) = 3 [pid 6611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6611] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6611] munmap(0x7f5464ee2000, 524288) = 0 [pid 6611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6611] close(3) = 0 [pid 6611] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6611] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6611] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6611] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6611] ioctl(4, LOOP_CLR_FD) = 0 [pid 6611] close(4) = 0 [pid 6611] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6610] <... futex resumed>) = 0 [pid 6611] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6610] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6610] <... futex resumed>) = 0 [pid 6611] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6610] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6610] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6610] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6611] <... mknodat resumed>) = 0 [pid 6610] <... clone resumed>, parent_tid=[6612], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6612 [pid 6610] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6612 attached [pid 6612] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6612] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6612] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6611] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] <... mount resumed>) = 0 [pid 6612] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6612] chdir(".") = 0 [pid 6612] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6610] <... futex resumed>) = 0 [pid 6612] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6610] exit_group(0 [pid 6612] <... futex resumed>) = ? [pid 6610] <... exit_group resumed>) = ? [pid 6612] +++ exited with 0 +++ [pid 6611] <... futex resumed>) = ? [pid 6611] +++ exited with 0 +++ [pid 6610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6610, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 132.072300][ T6611] loop0: detected capacity change from 0 to 1024 lstat("./534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./534/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6613 ./strace-static-x86_64: Process 6613 attached [pid 6613] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6613] chdir("./535") = 0 [pid 6613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6613] setpgid(0, 0) = 0 [pid 6613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6613] write(3, "1000", 4) = 4 [pid 6613] close(3) = 0 [pid 6613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6613] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6613] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6613] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6614], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6614 ./strace-static-x86_64: Process 6614 attached [pid 6613] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6614] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6614] memfd_create("syzkaller", 0) = 3 [pid 6614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6614] munmap(0x7f5464ee2000, 524288) = 0 [pid 6614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6614] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6614] close(3) = 0 [pid 6614] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6614] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6614] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6614] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6614] ioctl(4, LOOP_CLR_FD) = 0 [pid 6614] close(4) = 0 [pid 6614] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] <... futex resumed>) = 0 [pid 6613] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6613] <... futex resumed>) = 0 [pid 6613] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6613] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6613] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6615], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6615 [pid 6613] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6614] <... mknodat resumed>) = 0 [pid 6614] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6614] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6615 attached [pid 6615] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6615] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6615] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6615] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6615] chdir(".") = 0 [pid 6615] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] <... futex resumed>) = 0 [pid 6615] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6613] exit_group(0) = ? [pid 6615] <... futex resumed>) = ? [pid 6614] <... futex resumed>) = ? [pid 6614] +++ exited with 0 +++ [pid 6615] +++ exited with 0 +++ [pid 6613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6613, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 132.174320][ T6614] loop0: detected capacity change from 0 to 1024 umount2("./535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./535/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6616 ./strace-static-x86_64: Process 6616 attached [pid 6616] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6616] chdir("./536") = 0 [pid 6616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6616] setpgid(0, 0) = 0 [pid 6616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6616] write(3, "1000", 4) = 4 [pid 6616] close(3) = 0 [pid 6616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6616] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6616] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6616] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6617], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6617 ./strace-static-x86_64: Process 6617 attached [pid 6617] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6617] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6617] <... futex resumed>) = 0 [pid 6616] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6617] memfd_create("syzkaller", 0) = 3 [pid 6617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6617] munmap(0x7f5464ee2000, 524288) = 0 [pid 6617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6617] close(3) = 0 [pid 6617] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6617] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6617] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6617] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6617] ioctl(4, LOOP_CLR_FD) = 0 [pid 6617] close(4) = 0 [pid 6617] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] <... futex resumed>) = 0 [pid 6617] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6616] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6616] <... futex resumed>) = 0 [pid 6616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6616] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6616] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6618 attached , parent_tid=[6618], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6618 [pid 6618] set_robust_list(0x7f5464f619e0, 24 [pid 6616] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6618] <... set_robust_list resumed>) = 0 [pid 6618] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6618] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6617] <... mknodat resumed>) = 0 [pid 6617] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... mount resumed>) = 0 [pid 6618] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6618] chdir(".") = 0 [pid 6618] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] <... futex resumed>) = 0 [pid 6618] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] exit_group(0) = ? [pid 6617] <... futex resumed>) = ? [pid 6618] <... futex resumed>) = ? [pid 6617] +++ exited with 0 +++ [ 132.296603][ T6617] loop0: detected capacity change from 0 to 1024 [pid 6618] +++ exited with 0 +++ [pid 6616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6616, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./536/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6619 ./strace-static-x86_64: Process 6619 attached [pid 6619] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6619] chdir("./537") = 0 [pid 6619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6619] setpgid(0, 0) = 0 [pid 6619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6619] write(3, "1000", 4) = 4 [pid 6619] close(3) = 0 [pid 6619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6619] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6619] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6619] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6620], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6620 [pid 6619] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6620 attached [pid 6620] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6620] memfd_create("syzkaller", 0) = 3 [pid 6620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6620] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6620] munmap(0x7f5464ee2000, 524288) = 0 [pid 6620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6620] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6620] close(3) = 0 [pid 6620] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6620] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6620] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6620] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6620] ioctl(4, LOOP_CLR_FD) = 0 [pid 6620] close(4) = 0 [pid 6620] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] <... futex resumed>) = 0 [pid 6620] <... futex resumed>) = 1 [pid 6619] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6619] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6619] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6619] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6621], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6621 [pid 6619] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6621 attached [pid 6621] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6621] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6620] <... mknodat resumed>) = 0 [pid 6621] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6620] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] <... mount resumed>) = 0 [pid 6621] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6621] chdir(".") = 0 [pid 6621] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6619] <... futex resumed>) = 0 [pid 6621] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6619] exit_group(0 [pid 6620] <... futex resumed>) = ? [pid 6619] <... exit_group resumed>) = ? [pid 6620] +++ exited with 0 +++ [pid 6621] <... futex resumed>) = ? [pid 6621] +++ exited with 0 +++ [pid 6619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6619, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./537/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./537/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 132.416428][ T6620] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./537/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6622 attached [pid 6622] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6622] chdir("./538") = 0 [pid 6622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6622] setpgid(0, 0) = 0 [pid 6622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6622] write(3, "1000", 4) = 4 [pid 6622] close(3) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6622 [pid 6622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6622] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6622] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6622] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6623], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6623 [pid 6622] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6623 attached [pid 6623] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6623] memfd_create("syzkaller", 0) = 3 [pid 6623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6623] munmap(0x7f5464ee2000, 524288) = 0 [pid 6623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6623] close(3) = 0 [pid 6623] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6623] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6623] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6623] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6623] ioctl(4, LOOP_CLR_FD) = 0 [pid 6623] close(4) = 0 [pid 6623] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6623] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6622] <... futex resumed>) = 0 [pid 6623] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6622] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6622] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6623] <... mknodat resumed>) = 0 [pid 6622] <... mprotect resumed>) = 0 [pid 6622] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6623] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... clone resumed>, parent_tid=[6624], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6624 [pid 6623] <... futex resumed>) = 0 [pid 6622] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] <... futex resumed>) = 0 [pid 6622] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6624 attached [pid 6624] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6624] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6624] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6624] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6624] chdir(".") = 0 [pid 6624] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6624] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] exit_group(0 [pid 6624] <... futex resumed>) = ? [pid 6623] <... futex resumed>) = ? [pid 6622] <... exit_group resumed>) = ? [pid 6624] +++ exited with 0 +++ [pid 6623] +++ exited with 0 +++ [pid 6622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6622, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 132.512168][ T6623] loop0: detected capacity change from 0 to 1024 umount2("./538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./538/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./538/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6625 ./strace-static-x86_64: Process 6625 attached [pid 6625] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6625] chdir("./539") = 0 [pid 6625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6625] setpgid(0, 0) = 0 [pid 6625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6625] write(3, "1000", 4) = 4 [pid 6625] close(3) = 0 [pid 6625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6625] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6625] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6625] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6626 attached [pid 6626] set_robust_list(0x7f546d3029e0, 24 [pid 6625] <... clone resumed>, parent_tid=[6626], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6626 [pid 6626] <... set_robust_list resumed>) = 0 [pid 6625] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6625] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6626] memfd_create("syzkaller", 0) = 3 [pid 6626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6626] munmap(0x7f5464ee2000, 524288) = 0 [pid 6626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6626] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6626] close(3) = 0 [pid 6626] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6626] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6626] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6626] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6626] ioctl(4, LOOP_CLR_FD) = 0 [pid 6626] close(4) = 0 [pid 6626] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6625] <... futex resumed>) = 0 [pid 6626] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6625] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6625] <... futex resumed>) = 0 [pid 6626] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6625] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6625] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6626] <... mknodat resumed>) = 0 [pid 6625] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6627], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6627 [pid 6625] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6625] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6626] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6627 attached [pid 6627] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6627] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6627] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6627] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6627] chdir(".") = 0 [pid 6627] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6625] <... futex resumed>) = 0 [pid 6625] exit_group(0 [pid 6626] <... futex resumed>) = ? [pid 6625] <... exit_group resumed>) = ? [pid 6626] +++ exited with 0 +++ [pid 6627] +++ exited with 0 +++ [pid 6625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6625, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 132.615456][ T6626] loop0: detected capacity change from 0 to 1024 umount2("./539/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./539/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./539/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6628 ./strace-static-x86_64: Process 6628 attached [pid 6628] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6628] chdir("./540") = 0 [pid 6628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6628] setpgid(0, 0) = 0 [pid 6628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6628] write(3, "1000", 4) = 4 [pid 6628] close(3) = 0 [pid 6628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6628] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6628] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6628] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6629 attached , parent_tid=[6629], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6629 [pid 6629] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6629] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6628] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6629] <... futex resumed>) = 0 [pid 6628] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6629] memfd_create("syzkaller", 0) = 3 [pid 6629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6629] munmap(0x7f5464ee2000, 524288) = 0 [pid 6629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6629] close(3) = 0 [pid 6629] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6629] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6629] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6629] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6629] ioctl(4, LOOP_CLR_FD) = 0 [pid 6629] close(4) = 0 [pid 6629] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = 0 [pid 6628] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6628] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6628] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6630], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6630 [pid 6628] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6629] <... futex resumed>) = 1 [pid 6629] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6630 attached [pid 6630] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6630] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6630] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6629] <... mknodat resumed>) = 0 [pid 6629] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... mount resumed>) = 0 [pid 6629] <... futex resumed>) = 0 [pid 6630] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6629] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] chdir(".") = 0 [pid 6630] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = 0 [pid 6628] exit_group(0) = ? [pid 6630] <... futex resumed>) = ? [pid 6630] +++ exited with 0 +++ [pid 6629] <... futex resumed>) = ? [pid 6629] +++ exited with 0 +++ [pid 6628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6628, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./540/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./540/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./540/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 132.734892][ T6629] loop0: detected capacity change from 0 to 1024 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6631 ./strace-static-x86_64: Process 6631 attached [pid 6631] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6631] chdir("./541") = 0 [pid 6631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6631] setpgid(0, 0) = 0 [pid 6631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6631] write(3, "1000", 4) = 4 [pid 6631] close(3) = 0 [pid 6631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6631] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6631] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6631] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6632], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6632 ./strace-static-x86_64: Process 6632 attached [pid 6632] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6632] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6631] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6632] memfd_create("syzkaller", 0) = 3 [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6632] munmap(0x7f5464ee2000, 524288) = 0 [pid 6632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6632] close(3) = 0 [pid 6632] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6632] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6632] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6632] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6632] ioctl(4, LOOP_CLR_FD) = 0 [pid 6632] close(4) = 0 [pid 6632] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6631] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6631] <... mmap resumed>) = 0x7f5464f41000 [pid 6631] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6631] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6633], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6633 [pid 6631] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6632] <... mknodat resumed>) = 0 [pid 6632] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6633 attached [pid 6633] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6633] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6633] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6633] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6633] chdir(".") = 0 [pid 6633] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = 0 [pid 6631] exit_group(0 [pid 6632] <... futex resumed>) = ? [pid 6631] <... exit_group resumed>) = ? [pid 6632] +++ exited with 0 +++ [pid 6633] <... futex resumed>) = ? [pid 6633] +++ exited with 0 +++ [pid 6631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6631, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./541/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./541/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 132.831754][ T6632] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./541/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6634 attached [pid 6634] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6634] chdir("./542") = 0 [pid 6634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6634] setpgid(0, 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6634 [pid 6634] <... setpgid resumed>) = 0 [pid 6634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6634] write(3, "1000", 4) = 4 [pid 6634] close(3) = 0 [pid 6634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6634] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6634] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6634] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6635 attached , parent_tid=[6635], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6635 [pid 6634] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6635] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6635] memfd_create("syzkaller", 0) = 3 [pid 6635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6635] munmap(0x7f5464ee2000, 524288) = 0 [pid 6635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6635] close(3) = 0 [pid 6635] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6635] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6635] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6635] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6635] ioctl(4, LOOP_CLR_FD) = 0 [pid 6635] close(4) = 0 [pid 6635] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6635] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] <... futex resumed>) = 0 [pid 6634] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = 0 [pid 6634] <... futex resumed>) = 0 [pid 6635] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6634] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6634] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6636 attached , parent_tid=[6636], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6636 [pid 6634] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... mknodat resumed>) = 0 [pid 6634] <... futex resumed>) = 0 [pid 6634] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6635] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6636] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6636] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6636] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6636] chdir(".") = 0 [pid 6636] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6636] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] exit_group(0 [pid 6635] <... futex resumed>) = ? [pid 6634] <... exit_group resumed>) = ? [pid 6635] +++ exited with 0 +++ [pid 6636] <... futex resumed>) = ? [pid 6636] +++ exited with 0 +++ [pid 6634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6634, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./542/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./542/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 132.941693][ T6635] loop0: detected capacity change from 0 to 1024 rmdir("./542/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./542/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6637 ./strace-static-x86_64: Process 6637 attached [pid 6637] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6637] chdir("./543") = 0 [pid 6637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6637] setpgid(0, 0) = 0 [pid 6637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6637] write(3, "1000", 4) = 4 [pid 6637] close(3) = 0 [pid 6637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6637] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6637] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6637] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6638 attached [pid 6638] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6637] <... clone resumed>, parent_tid=[6638], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6638 [pid 6638] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6637] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6638] <... futex resumed>) = 0 [pid 6638] memfd_create("syzkaller", 0) = 3 [pid 6638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6638] munmap(0x7f5464ee2000, 524288) = 0 [pid 6638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6638] close(3) = 0 [pid 6638] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6638] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6638] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6638] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6638] ioctl(4, LOOP_CLR_FD) = 0 [pid 6638] close(4) = 0 [pid 6638] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6638] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] <... futex resumed>) = 0 [pid 6637] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6638] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6637] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6637] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6637] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6639], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6639 [pid 6637] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6638] <... mknodat resumed>) = 0 [pid 6638] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6639 attached [pid 6639] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6639] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6639] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6639] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6639] chdir(".") = 0 [pid 6639] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6637] <... futex resumed>) = 0 [pid 6637] exit_group(0) = ? [pid 6638] <... futex resumed>) = ? [pid 6638] +++ exited with 0 +++ [pid 6639] +++ exited with 0 +++ [pid 6637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6637, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 133.053406][ T6638] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./543/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./543/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6640 ./strace-static-x86_64: Process 6640 attached [pid 6640] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6640] chdir("./544") = 0 [pid 6640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6640] setpgid(0, 0) = 0 [pid 6640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6640] write(3, "1000", 4) = 4 [pid 6640] close(3) = 0 [pid 6640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6640] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6640] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6640] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6641], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6641 [pid 6640] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6641 attached [pid 6641] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6641] memfd_create("syzkaller", 0) = 3 [pid 6641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6641] munmap(0x7f5464ee2000, 524288) = 0 [pid 6641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6641] close(3) = 0 [pid 6641] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6641] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6641] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6641] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6641] ioctl(4, LOOP_CLR_FD) = 0 [pid 6641] close(4) = 0 [pid 6641] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6640] <... futex resumed>) = 0 [pid 6640] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6641] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6640] <... mmap resumed>) = 0x7f5464f41000 [pid 6640] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6640] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6642], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6642 [pid 6640] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6642 attached [pid 6642] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6642] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6642] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6641] <... mknodat resumed>) = 0 [pid 6641] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] <... mount resumed>) = 0 [pid 6642] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6642] chdir("." [pid 6641] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] <... chdir resumed>) = 0 [pid 6642] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] <... futex resumed>) = 0 [pid 6640] exit_group(0) = ? [pid 6641] <... futex resumed>) = ? [pid 6642] <... futex resumed>) = ? [pid 6641] +++ exited with 0 +++ [pid 6642] +++ exited with 0 +++ [pid 6640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6640, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./544/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./544/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./544/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 133.139618][ T6641] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./544/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./544/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./544/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6643 ./strace-static-x86_64: Process 6643 attached [pid 6643] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6643] chdir("./545") = 0 [pid 6643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6643] setpgid(0, 0) = 0 [pid 6643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6643] write(3, "1000", 4) = 4 [pid 6643] close(3) = 0 [pid 6643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6643] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6643] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6644 attached [pid 6644] set_robust_list(0x7f546d3029e0, 24 [pid 6643] <... clone resumed>, parent_tid=[6644], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6644 [pid 6643] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... set_robust_list resumed>) = 0 [pid 6643] <... futex resumed>) = 0 [pid 6643] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6644] memfd_create("syzkaller", 0) = 3 [pid 6644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6644] munmap(0x7f5464ee2000, 524288) = 0 [pid 6644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6644] close(3) = 0 [pid 6644] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6644] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6644] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6644] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6644] ioctl(4, LOOP_CLR_FD) = 0 [pid 6644] close(4) = 0 [pid 6644] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6643] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6643] <... futex resumed>) = 0 [pid 6643] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6643] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6645], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6645 [pid 6643] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6644] <... mknodat resumed>) = 0 [pid 6644] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6645 attached [pid 6645] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6645] mkdir(".", 0777 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6645] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6645] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6645] chdir(".") = 0 [pid 6645] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = 0 [pid 6645] <... futex resumed>) = 1 [pid 6643] exit_group(0 [pid 6645] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6644] <... futex resumed>) = ? [pid 6643] <... exit_group resumed>) = ? [pid 6644] +++ exited with 0 +++ [pid 6645] +++ exited with 0 +++ [pid 6643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6643, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./545/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./545/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 133.260860][ T6644] loop0: detected capacity change from 0 to 1024 umount2("./545/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./545/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./545/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6646 ./strace-static-x86_64: Process 6646 attached [pid 6646] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6646] chdir("./546") = 0 [pid 6646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6646] setpgid(0, 0) = 0 [pid 6646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6646] write(3, "1000", 4) = 4 [pid 6646] close(3) = 0 [pid 6646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6646] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6646] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6646] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6647 attached , parent_tid=[6647], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6647 [pid 6647] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6647] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6647] <... futex resumed>) = 0 [pid 6646] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6647] memfd_create("syzkaller", 0) = 3 [pid 6647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6647] munmap(0x7f5464ee2000, 524288) = 0 [pid 6647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6647] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6647] close(3) = 0 [pid 6647] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6647] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6647] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6647] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6647] ioctl(4, LOOP_CLR_FD) = 0 [pid 6647] close(4) = 0 [pid 6647] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... futex resumed>) = 0 [pid 6646] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6646] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6646] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6648], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6648 [pid 6646] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6647] <... futex resumed>) = 1 [pid 6647] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6647] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6648 attached [pid 6648] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6648] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6648] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6648] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6648] chdir(".") = 0 [pid 6648] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6648] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] exit_group(0 [pid 6648] <... futex resumed>) = ? [pid 6646] <... exit_group resumed>) = ? [pid 6648] +++ exited with 0 +++ [pid 6647] <... futex resumed>) = ? [pid 6647] +++ exited with 0 +++ [pid 6646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6646, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./546/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./546/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./546/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./546/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 133.365051][ T6647] loop0: detected capacity change from 0 to 1024 lstat("./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./546/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6649 ./strace-static-x86_64: Process 6649 attached [pid 6649] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6649] chdir("./547") = 0 [pid 6649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6649] setpgid(0, 0) = 0 [pid 6649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6649] write(3, "1000", 4) = 4 [pid 6649] close(3) = 0 [pid 6649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6649] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6649] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6649] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6650], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6650 [pid 6649] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6650 attached [pid 6650] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6650] memfd_create("syzkaller", 0) = 3 [pid 6650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6650] munmap(0x7f5464ee2000, 524288) = 0 [pid 6650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6650] close(3) = 0 [pid 6650] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6650] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6650] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6650] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6650] ioctl(4, LOOP_CLR_FD) = 0 [pid 6650] close(4) = 0 [pid 6650] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6649] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6649] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6650] <... futex resumed>) = 1 [pid 6649] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6650] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6649] <... clone resumed>, parent_tid=[6651], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6651 [pid 6649] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6651 attached [pid 6650] <... mknodat resumed>) = 0 [pid 6651] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6651] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6651] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6650] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6651] <... mount resumed>) = 0 [pid 6651] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6651] chdir(".") = 0 [pid 6651] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] <... futex resumed>) = 0 [pid 6651] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6649] exit_group(0 [pid 6650] <... futex resumed>) = ? [pid 6649] <... exit_group resumed>) = ? [pid 6651] <... futex resumed>) = ? [pid 6650] +++ exited with 0 +++ [pid 6651] +++ exited with 0 +++ [pid 6649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6649, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 133.471630][ T6650] loop0: detected capacity change from 0 to 1024 umount2("./547/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./547/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./547/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./547/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6652 ./strace-static-x86_64: Process 6652 attached [pid 6652] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6652] chdir("./548") = 0 [pid 6652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6652] setpgid(0, 0) = 0 [pid 6652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6652] write(3, "1000", 4) = 4 [pid 6652] close(3) = 0 [pid 6652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6652] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6652] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6652] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6653 attached , parent_tid=[6653], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6653 [pid 6653] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6653] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6652] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6653] <... futex resumed>) = 0 [pid 6652] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6653] memfd_create("syzkaller", 0) = 3 [pid 6653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6653] munmap(0x7f5464ee2000, 524288) = 0 [pid 6653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6653] close(3) = 0 [pid 6653] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6653] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6653] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6653] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6653] ioctl(4, LOOP_CLR_FD) = 0 [pid 6653] close(4) = 0 [pid 6653] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] <... futex resumed>) = 0 [pid 6652] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6652] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6652] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6654], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6654 [pid 6652] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6653] <... futex resumed>) = 1 [pid 6653] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6654 attached [pid 6654] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6654] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6654] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6653] <... mknodat resumed>) = 0 [pid 6654] <... mount resumed>) = 0 [pid 6654] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6653] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... openat resumed>) = 4 [pid 6653] <... futex resumed>) = 0 [pid 6654] chdir("." [pid 6653] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] <... chdir resumed>) = 0 [pid 6654] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6654] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6652] exit_group(0 [pid 6654] <... futex resumed>) = ? [pid 6652] <... exit_group resumed>) = ? [pid 6654] +++ exited with 0 +++ [pid 6653] <... futex resumed>) = ? [pid 6653] +++ exited with 0 +++ [pid 6652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6652, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./548/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./548/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./548/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./548/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 133.589695][ T6653] loop0: detected capacity change from 0 to 1024 unlink("./548/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6655 ./strace-static-x86_64: Process 6655 attached [pid 6655] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6655] chdir("./549") = 0 [pid 6655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6655] setpgid(0, 0) = 0 [pid 6655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6655] write(3, "1000", 4) = 4 [pid 6655] close(3) = 0 [pid 6655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6655] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6655] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6655] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6656 attached , parent_tid=[6656], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6656 [pid 6655] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6655] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6656] memfd_create("syzkaller", 0) = 3 [pid 6656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6656] munmap(0x7f5464ee2000, 524288) = 0 [pid 6656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6656] close(3) = 0 [pid 6656] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6656] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6656] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6656] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6656] ioctl(4, LOOP_CLR_FD) = 0 [pid 6656] close(4) = 0 [pid 6656] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] <... futex resumed>) = 0 [pid 6655] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6655] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6655] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6655] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6657 attached , parent_tid=[6657], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6657 [pid 6655] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6655] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6657] set_robust_list(0x7f5464f619e0, 24 [pid 6656] <... futex resumed>) = 1 [pid 6656] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6657] <... set_robust_list resumed>) = 0 [pid 6657] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6657] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6656] <... mknodat resumed>) = 0 [pid 6656] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] <... mount resumed>) = 0 [pid 6657] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6657] chdir(".") = 0 [pid 6657] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] <... futex resumed>) = 0 [pid 6655] exit_group(0 [pid 6657] <... futex resumed>) = ? [pid 6655] <... exit_group resumed>) = ? [pid 6656] <... futex resumed>) = ? [pid 6656] +++ exited with 0 +++ [pid 6657] +++ exited with 0 +++ [pid 6655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6655, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 133.683572][ T6656] loop0: detected capacity change from 0 to 1024 umount2("./549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./549/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./549/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./549/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./549/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./549/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6658 ./strace-static-x86_64: Process 6658 attached [pid 6658] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6658] chdir("./550") = 0 [pid 6658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6658] setpgid(0, 0) = 0 [pid 6658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6658] write(3, "1000", 4) = 4 [pid 6658] close(3) = 0 [pid 6658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6658] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6658] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6658] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6659], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6659 [pid 6658] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6659 attached [pid 6659] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6659] memfd_create("syzkaller", 0) = 3 [pid 6659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6659] munmap(0x7f5464ee2000, 524288) = 0 [pid 6659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6659] close(3) = 0 [pid 6659] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6659] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6659] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6659] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6659] ioctl(4, LOOP_CLR_FD) = 0 [pid 6659] close(4) = 0 [pid 6659] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6658] <... futex resumed>) = 0 [pid 6658] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6659] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6658] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6658] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6660], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6660 [pid 6658] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6659] <... mknodat resumed>) = 0 [pid 6659] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6660 attached [pid 6660] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6660] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6660] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6660] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6660] chdir(".") = 0 [pid 6660] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6658] <... futex resumed>) = 0 [pid 6658] exit_group(0 [pid 6659] <... futex resumed>) = ? [pid 6658] <... exit_group resumed>) = ? [pid 6660] <... futex resumed>) = ? [pid 6659] +++ exited with 0 +++ [pid 6660] +++ exited with 0 +++ [pid 6658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6658, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 133.808896][ T6659] loop0: detected capacity change from 0 to 1024 umount2("./550/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./550/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./550/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./550/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./550/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6661 ./strace-static-x86_64: Process 6661 attached [pid 6661] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6661] chdir("./551") = 0 [pid 6661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6661] setpgid(0, 0) = 0 [pid 6661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6661] write(3, "1000", 4) = 4 [pid 6661] close(3) = 0 [pid 6661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6661] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6661] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6661] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6662 attached , parent_tid=[6662], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6662 [pid 6662] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6662] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6661] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] <... futex resumed>) = 0 [pid 6661] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6662] memfd_create("syzkaller", 0) = 3 [pid 6662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6662] munmap(0x7f5464ee2000, 524288) = 0 [pid 6662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6662] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6662] close(3) = 0 [pid 6662] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6662] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6662] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6662] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6662] ioctl(4, LOOP_CLR_FD) = 0 [pid 6662] close(4) = 0 [pid 6662] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6661] <... futex resumed>) = 0 [pid 6661] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6662] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6661] <... mmap resumed>) = 0x7f5464f41000 [pid 6661] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6661] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6663], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6663 [pid 6661] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6662] <... mknodat resumed>) = 0 [pid 6662] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6663 attached ) = 0 [pid 6663] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6663] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6663] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6662] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] <... mount resumed>) = 0 [pid 6663] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6663] chdir(".") = 0 [pid 6663] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] <... futex resumed>) = 0 [pid 6661] exit_group(0) = ? [pid 6662] <... futex resumed>) = ? [pid 6662] +++ exited with 0 +++ [pid 6663] <... futex resumed>) = ? [pid 6663] +++ exited with 0 +++ [pid 6661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6661, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./551/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./551/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./551/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 133.922580][ T6662] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./551/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./551/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6664 ./strace-static-x86_64: Process 6664 attached [pid 6664] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6664] chdir("./552") = 0 [pid 6664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6664] setpgid(0, 0) = 0 [pid 6664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6664] write(3, "1000", 4) = 4 [pid 6664] close(3) = 0 [pid 6664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6664] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6664] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6664] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6665 attached , parent_tid=[6665], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6665 [pid 6664] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6664] <... futex resumed>) = 0 [pid 6664] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6665] memfd_create("syzkaller", 0) = 3 [pid 6665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6665] munmap(0x7f5464ee2000, 524288) = 0 [pid 6665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6665] close(3) = 0 [pid 6665] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6665] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6665] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6665] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6665] ioctl(4, LOOP_CLR_FD) = 0 [pid 6665] close(4) = 0 [pid 6665] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... futex resumed>) = 0 [pid 6664] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6664] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6664] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6666 attached , parent_tid=[6666], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6666 [pid 6664] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6666] set_robust_list(0x7f5464f619e0, 24 [pid 6665] <... futex resumed>) = 1 [pid 6666] <... set_robust_list resumed>) = 0 [pid 6665] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6666] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6666] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6665] <... mknodat resumed>) = 0 [pid 6665] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... mount resumed>) = 0 [pid 6665] <... futex resumed>) = 0 [pid 6666] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6665] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] chdir(".") = 0 [pid 6666] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6664] exit_group(0) = ? [pid 6666] +++ exited with 0 +++ [pid 6665] <... futex resumed>) = ? [pid 6665] +++ exited with 0 +++ [pid 6664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6664, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 134.026211][ T6665] loop0: detected capacity change from 0 to 1024 umount2("./552/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./552/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./552/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./552/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./552/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6667 attached , child_tidptr=0x5555561b25d0) = 6667 [pid 6667] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6667] chdir("./553") = 0 [pid 6667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6667] setpgid(0, 0) = 0 [pid 6667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6667] write(3, "1000", 4) = 4 [pid 6667] close(3) = 0 [pid 6667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6667] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6667] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6667] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6668 attached , parent_tid=[6668], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6668 [pid 6668] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6668] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6667] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6668] <... futex resumed>) = 0 [pid 6667] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6668] memfd_create("syzkaller", 0) = 3 [pid 6668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6668] munmap(0x7f5464ee2000, 524288) = 0 [pid 6668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6668] close(3) = 0 [pid 6668] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6668] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6668] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6668] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6668] ioctl(4, LOOP_CLR_FD) = 0 [pid 6668] close(4) = 0 [pid 6668] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = 0 [pid 6668] <... futex resumed>) = 1 [pid 6668] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6667] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6667] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6667] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6667] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6669], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6669 [pid 6667] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6667] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6669 attached [pid 6669] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6669] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6669] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6668] <... mknodat resumed>) = 0 [pid 6668] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] <... mount resumed>) = 0 [pid 6669] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6669] chdir(".") = 0 [ 134.136794][ T6668] loop0: detected capacity change from 0 to 1024 [pid 6669] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] <... futex resumed>) = 0 [pid 6669] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6667] exit_group(0) = ? [pid 6668] <... futex resumed>) = ? [pid 6668] +++ exited with 0 +++ [pid 6669] <... futex resumed>) = ? [pid 6669] +++ exited with 0 +++ [pid 6667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6667, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./553/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./553/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./553/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./553/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6670 ./strace-static-x86_64: Process 6670 attached [pid 6670] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6670] chdir("./554") = 0 [pid 6670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6670] setpgid(0, 0) = 0 [pid 6670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6670] write(3, "1000", 4) = 4 [pid 6670] close(3) = 0 [pid 6670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6670] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6670] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6670] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6671 attached , parent_tid=[6671], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6671 [pid 6671] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6671] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6670] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6670] <... futex resumed>) = 0 [pid 6670] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6671] memfd_create("syzkaller", 0) = 3 [pid 6671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6671] munmap(0x7f5464ee2000, 524288) = 0 [pid 6671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6671] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6671] close(3) = 0 [pid 6671] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6671] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6671] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6671] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6671] ioctl(4, LOOP_CLR_FD) = 0 [pid 6671] close(4) = 0 [pid 6671] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6670] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6670] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6670] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6672], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6672 [pid 6670] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6671] <... futex resumed>) = 1 [pid 6671] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6671] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6672 attached [pid 6672] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6672] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6672] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6672] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6672] chdir(".") = 0 [pid 6672] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6670] <... futex resumed>) = 0 [pid 6672] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6670] exit_group(0) = ? [pid 6671] <... futex resumed>) = ? [pid 6672] <... futex resumed>) = ? [pid 6671] +++ exited with 0 +++ [pid 6672] +++ exited with 0 +++ [pid 6670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6670, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./554/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./554/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./554/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./554/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 134.251872][ T6671] loop0: detected capacity change from 0 to 1024 umount2("./554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./554/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6673 ./strace-static-x86_64: Process 6673 attached [pid 6673] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6673] chdir("./555") = 0 [pid 6673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6673] setpgid(0, 0) = 0 [pid 6673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6673] write(3, "1000", 4) = 4 [pid 6673] close(3) = 0 [pid 6673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6673] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6673] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6673] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6674 attached , parent_tid=[6674], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6674 [pid 6674] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6674] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6673] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6674] <... futex resumed>) = 0 [pid 6673] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6674] memfd_create("syzkaller", 0) = 3 [pid 6674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6674] munmap(0x7f5464ee2000, 524288) = 0 [pid 6674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6674] close(3) = 0 [pid 6674] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6674] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6674] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6674] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6674] ioctl(4, LOOP_CLR_FD) = 0 [pid 6674] close(4) = 0 [pid 6674] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6673] <... futex resumed>) = 0 [pid 6673] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6674] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6673] <... mmap resumed>) = 0x7f5464f41000 [pid 6673] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6673] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6675], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6675 [pid 6673] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6675 attached [pid 6675] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6675] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6675] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6673] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6674] <... mknodat resumed>) = 0 [pid 6674] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6675] <... mount resumed>) = 0 [pid 6675] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6675] chdir(".") = 0 [pid 6675] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6673] <... futex resumed>) = 0 [pid 6673] exit_group(0) = ? [pid 6674] <... futex resumed>) = ? [pid 6674] +++ exited with 0 +++ [pid 6675] +++ exited with 0 +++ [pid 6673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6673, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./555/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./555/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./555/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 134.361776][ T6674] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./555/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./555/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6676 ./strace-static-x86_64: Process 6676 attached [pid 6676] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6676] chdir("./556") = 0 [pid 6676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6676] setpgid(0, 0) = 0 [pid 6676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6676] write(3, "1000", 4) = 4 [pid 6676] close(3) = 0 [pid 6676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6676] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6676] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6676] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6677 attached , parent_tid=[6677], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6677 [pid 6676] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6677] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6677] memfd_create("syzkaller", 0) = 3 [pid 6677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6677] munmap(0x7f5464ee2000, 524288) = 0 [pid 6677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6677] close(3) = 0 [pid 6677] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6677] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6677] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6677] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6677] ioctl(4, LOOP_CLR_FD) = 0 [pid 6677] close(4) = 0 [pid 6677] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6676] <... futex resumed>) = 0 [pid 6677] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = 0 [pid 6676] <... futex resumed>) = 1 [pid 6677] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6676] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6676] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6677] <... mknodat resumed>) = 0 [pid 6676] <... mprotect resumed>) = 0 [pid 6677] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6678 attached [pid 6678] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6678] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] <... clone resumed>, parent_tid=[6678], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6678 [pid 6676] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6678] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6678] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6678] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6678] chdir(".") = 0 [pid 6678] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6676] <... futex resumed>) = 0 [pid 6678] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6676] exit_group(0 [pid 6677] <... futex resumed>) = ? [pid 6676] <... exit_group resumed>) = ? [pid 6677] +++ exited with 0 +++ [pid 6678] <... futex resumed>) = ? [pid 6678] +++ exited with 0 +++ [pid 6676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6676, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./556/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./556/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./556/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 134.474096][ T6677] loop0: detected capacity change from 0 to 1024 rmdir("./556/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./556/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6679 attached [pid 6679] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6679] chdir("./557") = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6679 [pid 6679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6679] setpgid(0, 0) = 0 [pid 6679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6679] write(3, "1000", 4) = 4 [pid 6679] close(3) = 0 [pid 6679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6679] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6679] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6679] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6680], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6680 [pid 6679] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6680 attached [pid 6680] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6680] memfd_create("syzkaller", 0) = 3 [pid 6680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6680] munmap(0x7f5464ee2000, 524288) = 0 [pid 6680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6680] close(3) = 0 [pid 6680] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6680] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6680] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6680] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6680] ioctl(4, LOOP_CLR_FD) = 0 [pid 6680] close(4) = 0 [pid 6680] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] <... futex resumed>) = 0 [pid 6679] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6679] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6679] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6681], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6681 [pid 6679] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6680] <... futex resumed>) = 1 [pid 6680] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6681 attached [pid 6681] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6681] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6680] <... mknodat resumed>) = 0 [pid 6681] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6680] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] <... mount resumed>) = 0 [pid 6681] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6681] chdir(".") = 0 [pid 6681] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6679] <... futex resumed>) = 0 [pid 6679] exit_group(0) = ? [pid 6680] <... futex resumed>) = ? [pid 6680] +++ exited with 0 +++ [pid 6681] +++ exited with 0 +++ [pid 6679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6679, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./557/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 134.572322][ T6680] loop0: detected capacity change from 0 to 1024 umount2("./557/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./557/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./557/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./557/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6682 attached , child_tidptr=0x5555561b25d0) = 6682 [pid 6682] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6682] chdir("./558") = 0 [pid 6682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6682] setpgid(0, 0) = 0 [pid 6682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6682] write(3, "1000", 4) = 4 [pid 6682] close(3) = 0 [pid 6682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6682] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6682] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6682] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6683 attached , parent_tid=[6683], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6683 [pid 6683] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6683] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6682] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] <... futex resumed>) = 0 [pid 6682] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6683] memfd_create("syzkaller", 0) = 3 [pid 6683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6683] munmap(0x7f5464ee2000, 524288) = 0 [pid 6683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6683] close(3) = 0 [pid 6683] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6683] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6683] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6683] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6683] ioctl(4, LOOP_CLR_FD) = 0 [pid 6683] close(4) = 0 [pid 6683] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6682] <... futex resumed>) = 0 [pid 6683] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6682] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6682] <... futex resumed>) = 0 [pid 6683] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6682] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6682] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6682] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6684], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6684 [pid 6682] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6684 attached [pid 6684] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6684] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6684] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6683] <... mknodat resumed>) = 0 [pid 6684] <... mount resumed>) = 0 [pid 6683] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6684] chdir("." [pid 6683] <... futex resumed>) = 0 [pid 6684] <... chdir resumed>) = 0 [pid 6683] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] <... futex resumed>) = 0 [pid 6682] exit_group(0) = ? [pid 6684] <... futex resumed>) = ? [pid 6684] +++ exited with 0 +++ [pid 6683] <... futex resumed>) = ? [pid 6683] +++ exited with 0 +++ [pid 6682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6682, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./558/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./558/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./558/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 134.688262][ T6683] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./558/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./558/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6685 ./strace-static-x86_64: Process 6685 attached [pid 6685] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6685] chdir("./559") = 0 [pid 6685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6685] setpgid(0, 0) = 0 [pid 6685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6685] write(3, "1000", 4) = 4 [pid 6685] close(3) = 0 [pid 6685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6685] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6685] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6685] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6686 attached , parent_tid=[6686], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6686 [pid 6686] set_robust_list(0x7f546d3029e0, 24 [pid 6685] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... set_robust_list resumed>) = 0 [pid 6685] <... futex resumed>) = 0 [pid 6686] memfd_create("syzkaller", 0 [pid 6685] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6686] <... memfd_create resumed>) = 3 [pid 6686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6686] munmap(0x7f5464ee2000, 524288) = 0 [pid 6686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6686] close(3) = 0 [pid 6686] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6686] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6686] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6686] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6686] ioctl(4, LOOP_CLR_FD) = 0 [pid 6686] close(4) = 0 [pid 6686] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6685] <... futex resumed>) = 0 [pid 6685] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6686] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6685] <... mmap resumed>) = 0x7f5464f41000 [pid 6685] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6685] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6687], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6687 [pid 6685] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6686] <... mknodat resumed>) = 0 [pid 6686] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6687 attached [pid 6687] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6686] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6687] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6687] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6687] chdir(".") = 0 [pid 6687] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6685] <... futex resumed>) = 0 [pid 6687] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6685] exit_group(0 [pid 6687] <... futex resumed>) = ? [pid 6685] <... exit_group resumed>) = ? [pid 6686] <... futex resumed>) = ? [pid 6686] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ [pid 6685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6685, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 134.809697][ T6686] loop0: detected capacity change from 0 to 1024 umount2("./559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./559/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./559/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6688 ./strace-static-x86_64: Process 6688 attached [pid 6688] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6688] chdir("./560") = 0 [pid 6688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6688] setpgid(0, 0) = 0 [pid 6688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6688] write(3, "1000", 4) = 4 [pid 6688] close(3) = 0 [pid 6688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6688] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6688] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6688] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6689 attached , parent_tid=[6689], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6689 [pid 6688] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6689] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6689] memfd_create("syzkaller", 0) = 3 [pid 6689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6689] munmap(0x7f5464ee2000, 524288) = 0 [pid 6689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6689] close(3) = 0 [pid 6689] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6689] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6689] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6689] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6689] ioctl(4, LOOP_CLR_FD) = 0 [pid 6689] close(4) = 0 [pid 6689] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6689] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6688] <... mmap resumed>) = 0x7f5464f41000 [pid 6688] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6688] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6690], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6690 [pid 6688] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6690 attached [pid 6690] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6690] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6690] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6689] <... mknodat resumed>) = 0 [pid 6690] <... mount resumed>) = 0 [pid 6690] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6690] chdir(".") = 0 [pid 6690] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... futex resumed>) = 0 [pid 6690] <... futex resumed>) = 1 [pid 6690] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] exit_group(0) = ? [pid 6690] <... futex resumed>) = ? [pid 6690] +++ exited with 0 +++ [pid 6689] <... futex resumed>) = ? [pid 6689] +++ exited with 0 +++ [pid 6688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6688, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./560/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.922049][ T6689] loop0: detected capacity change from 0 to 1024 lstat("./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./560/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6691 ./strace-static-x86_64: Process 6691 attached [pid 6691] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6691] chdir("./561") = 0 [pid 6691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6691] setpgid(0, 0) = 0 [pid 6691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6691] write(3, "1000", 4) = 4 [pid 6691] close(3) = 0 [pid 6691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6691] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6691] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6691] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6692], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6692 [pid 6691] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6692 attached [pid 6692] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6692] memfd_create("syzkaller", 0) = 3 [pid 6692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6692] munmap(0x7f5464ee2000, 524288) = 0 [pid 6692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6692] close(3) = 0 [pid 6692] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6692] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6692] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6692] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6692] ioctl(4, LOOP_CLR_FD) = 0 [pid 6692] close(4) = 0 [pid 6692] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6691] <... futex resumed>) = 0 [pid 6691] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6691] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6691] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6692] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6691] <... clone resumed>, parent_tid=[6693], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6693 [pid 6691] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6693 attached [pid 6693] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6693] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6693] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6692] <... mknodat resumed>) = 0 [pid 6693] <... mount resumed>) = 0 [pid 6693] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6693] chdir(".") = 0 [pid 6693] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6691] <... futex resumed>) = 0 [pid 6693] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6692] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6691] exit_group(0) = ? [pid 6692] <... futex resumed>) = ? [pid 6692] +++ exited with 0 +++ [pid 6693] <... futex resumed>) = ? [pid 6693] +++ exited with 0 +++ [pid 6691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6691, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./561/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 135.040619][ T6692] loop0: detected capacity change from 0 to 1024 umount2("./561/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./561/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./561/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./561/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6694 ./strace-static-x86_64: Process 6694 attached [pid 6694] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6694] chdir("./562") = 0 [pid 6694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6694] setpgid(0, 0) = 0 [pid 6694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6694] write(3, "1000", 4) = 4 [pid 6694] close(3) = 0 [pid 6694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6694] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6694] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6694] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6695 attached [pid 6695] set_robust_list(0x7f546d3029e0, 24 [pid 6694] <... clone resumed>, parent_tid=[6695], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6695 [pid 6695] <... set_robust_list resumed>) = 0 [pid 6694] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6694] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6695] memfd_create("syzkaller", 0) = 3 [pid 6695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6695] munmap(0x7f5464ee2000, 524288) = 0 [pid 6695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6695] close(3) = 0 [pid 6695] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6695] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6695] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6695] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6695] ioctl(4, LOOP_CLR_FD) = 0 [pid 6695] close(4) = 0 [pid 6695] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6694] <... futex resumed>) = 0 [pid 6694] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6695] <... futex resumed>) = 0 [pid 6694] <... futex resumed>) = 1 [pid 6695] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6694] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6694] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6695] <... mknodat resumed>) = 0 [pid 6694] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6695] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6694] <... clone resumed>, parent_tid=[6696], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6696 ./strace-static-x86_64: Process 6696 attached [pid 6694] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] set_robust_list(0x7f5464f619e0, 24 [pid 6694] <... futex resumed>) = 0 [pid 6696] <... set_robust_list resumed>) = 0 [pid 6694] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6696] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6696] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6696] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6696] chdir(".") = 0 [pid 6696] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6694] <... futex resumed>) = 0 [pid 6696] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6694] exit_group(0 [pid 6695] <... futex resumed>) = ? [pid 6694] <... exit_group resumed>) = ? [pid 6695] +++ exited with 0 +++ [pid 6696] <... futex resumed>) = ? [pid 6696] +++ exited with 0 +++ [pid 6694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6694, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 135.152995][ T6695] loop0: detected capacity change from 0 to 1024 umount2("./562/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./562/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./562/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./562/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./562/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6697 ./strace-static-x86_64: Process 6697 attached [pid 6697] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6697] chdir("./563") = 0 [pid 6697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6697] setpgid(0, 0) = 0 [pid 6697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6697] write(3, "1000", 4) = 4 [pid 6697] close(3) = 0 [pid 6697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6697] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6697] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6697] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6698 attached [pid 6698] set_robust_list(0x7f546d3029e0, 24 [pid 6697] <... clone resumed>, parent_tid=[6698], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6698 [pid 6697] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6698] <... set_robust_list resumed>) = 0 [pid 6698] memfd_create("syzkaller", 0) = 3 [pid 6698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6698] munmap(0x7f5464ee2000, 524288) = 0 [pid 6698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6698] close(3) = 0 [pid 6698] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6698] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6698] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6698] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6698] ioctl(4, LOOP_CLR_FD) = 0 [pid 6698] close(4) = 0 [pid 6698] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6698] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6697] <... futex resumed>) = 0 [pid 6697] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6698] <... futex resumed>) = 0 [pid 6697] <... futex resumed>) = 1 [pid 6698] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6697] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6697] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6697] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6699], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6699 [pid 6697] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6698] <... mknodat resumed>) = 0 [pid 6698] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6699 attached [pid 6699] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6699] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6699] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6699] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6699] chdir(".") = 0 [pid 6699] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6697] <... futex resumed>) = 0 [pid 6697] exit_group(0 [pid 6698] <... futex resumed>) = ? [pid 6697] <... exit_group resumed>) = ? [pid 6698] +++ exited with 0 +++ [pid 6699] +++ exited with 0 +++ [pid 6697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6697, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./563/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./563/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./563/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./563/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./563/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 [ 135.271491][ T6698] loop0: detected capacity change from 0 to 1024 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6700 ./strace-static-x86_64: Process 6700 attached [pid 6700] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6700] chdir("./564") = 0 [pid 6700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6700] setpgid(0, 0) = 0 [pid 6700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6700] write(3, "1000", 4) = 4 [pid 6700] close(3) = 0 [pid 6700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6700] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6700] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6700] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6701], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6701 [pid 6700] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6701 attached [pid 6701] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6701] memfd_create("syzkaller", 0) = 3 [pid 6701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6701] munmap(0x7f5464ee2000, 524288) = 0 [pid 6701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6701] close(3) = 0 [pid 6701] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6701] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6701] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6701] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6701] ioctl(4, LOOP_CLR_FD) = 0 [pid 6701] close(4) = 0 [pid 6701] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... futex resumed>) = 0 [pid 6700] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6700] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6700] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6702], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6702 [pid 6700] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6701] <... futex resumed>) = 1 [pid 6701] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6702 attached ) = 0 [pid 6701] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6702] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6702] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6702] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6702] chdir(".") = 0 [pid 6702] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6700] <... futex resumed>) = 0 [pid 6702] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6700] exit_group(0 [pid 6702] <... futex resumed>) = ? [pid 6701] <... futex resumed>) = ? [pid 6700] <... exit_group resumed>) = ? [pid 6702] +++ exited with 0 +++ [pid 6701] +++ exited with 0 +++ [pid 6700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6700, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./564/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 135.371287][ T6701] loop0: detected capacity change from 0 to 1024 umount2("./564/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./564/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./564/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./564/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 mkdir("./565", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6703 ./strace-static-x86_64: Process 6703 attached [pid 6703] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6703] chdir("./565") = 0 [pid 6703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6703] setpgid(0, 0) = 0 [pid 6703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6703] write(3, "1000", 4) = 4 [pid 6703] close(3) = 0 [pid 6703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6703] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6703] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6703] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6704 attached , parent_tid=[6704], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6704 [pid 6704] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6704] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6703] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6704] <... futex resumed>) = 0 [pid 6703] <... futex resumed>) = 1 [pid 6703] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6704] memfd_create("syzkaller", 0) = 3 [pid 6704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6704] munmap(0x7f5464ee2000, 524288) = 0 [pid 6704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6704] close(3) = 0 [pid 6704] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6704] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6704] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6704] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6704] ioctl(4, LOOP_CLR_FD) = 0 [pid 6704] close(4) = 0 [pid 6704] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6704] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6703] <... futex resumed>) = 0 [pid 6703] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6704] <... futex resumed>) = 0 [pid 6704] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6703] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6703] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6703] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6704] <... mknodat resumed>) = 0 [pid 6703] <... clone resumed>, parent_tid=[6705], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6705 [pid 6703] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6703] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6705 attached [pid 6704] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6705] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6705] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6705] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6705] chdir("." [pid 6704] <... futex resumed>) = 0 [pid 6704] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] <... chdir resumed>) = 0 [pid 6705] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6703] <... futex resumed>) = 0 [pid 6703] exit_group(0) = ? [pid 6705] <... futex resumed>) = ? [pid 6704] <... futex resumed>) = ? [pid 6704] +++ exited with 0 +++ [pid 6705] +++ exited with 0 +++ [pid 6703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6703, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./565/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./565/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./565/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./565/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./565/binderfs") = 0 [ 135.486012][ T6704] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6706 attached , child_tidptr=0x5555561b25d0) = 6706 [pid 6706] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6706] chdir("./566") = 0 [pid 6706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6706] setpgid(0, 0) = 0 [pid 6706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6706] write(3, "1000", 4) = 4 [pid 6706] close(3) = 0 [pid 6706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6706] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6706] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6706] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6707], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6707 [pid 6706] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6707 attached [pid 6707] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6706] <... futex resumed>) = 0 [pid 6707] memfd_create("syzkaller", 0) = 3 [pid 6707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6706] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6707] munmap(0x7f5464ee2000, 524288) = 0 [pid 6707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6707] close(3) = 0 [pid 6707] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6707] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6707] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6707] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6707] ioctl(4, LOOP_CLR_FD) = 0 [pid 6707] close(4) = 0 [pid 6707] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] <... futex resumed>) = 0 [pid 6706] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6706] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6706] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6706] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6707] <... futex resumed>) = 0 [pid 6707] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6706] <... clone resumed>, parent_tid=[6708], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6708 [pid 6706] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6708 attached ) = 0 [pid 6708] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6708] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6708] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6706] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6707] <... mknodat resumed>) = 0 [pid 6708] <... mount resumed>) = 0 [pid 6708] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6708] chdir("." [pid 6707] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... chdir resumed>) = 0 [pid 6708] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] <... futex resumed>) = 0 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] exit_group(0 [pid 6708] <... futex resumed>) = ? [pid 6707] <... futex resumed>) = ? [pid 6706] <... exit_group resumed>) = ? [pid 6708] +++ exited with 0 +++ [pid 6707] +++ exited with 0 +++ [pid 6706] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6706, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./566/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./566/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./566/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 135.577845][ T6707] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./566/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./566/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6709 ./strace-static-x86_64: Process 6709 attached [pid 6709] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6709] chdir("./567") = 0 [pid 6709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6709] setpgid(0, 0) = 0 [pid 6709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6709] write(3, "1000", 4) = 4 [pid 6709] close(3) = 0 [pid 6709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6709] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6709] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6709] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6710 attached [pid 6710] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6710] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] <... clone resumed>, parent_tid=[6710], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6710 [pid 6709] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] <... futex resumed>) = 0 [pid 6709] <... futex resumed>) = 1 [pid 6709] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6710] memfd_create("syzkaller", 0) = 3 [pid 6710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6710] munmap(0x7f5464ee2000, 524288) = 0 [pid 6710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6710] close(3) = 0 [pid 6710] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6710] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6710] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6710] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6710] ioctl(4, LOOP_CLR_FD) = 0 [pid 6710] close(4) = 0 [pid 6710] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] <... futex resumed>) = 0 [pid 6709] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] <... futex resumed>) = 0 [pid 6709] <... futex resumed>) = 1 [pid 6710] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6709] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6709] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] <... mknodat resumed>) = 0 [pid 6709] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6711], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6711 [pid 6709] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6711 attached [pid 6711] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6711] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6711] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6710] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... mount resumed>) = 0 [pid 6711] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6711] chdir(".") = 0 [pid 6711] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6711] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] exit_group(0 [pid 6711] <... futex resumed>) = ? [pid 6709] <... exit_group resumed>) = ? [pid 6711] +++ exited with 0 +++ [pid 6710] <... futex resumed>) = ? [pid 6710] +++ exited with 0 +++ [pid 6709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6709, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.691356][ T6710] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./567/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./567/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./567/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./567/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./567/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6712 ./strace-static-x86_64: Process 6712 attached [pid 6712] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6712] chdir("./568") = 0 [pid 6712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6712] setpgid(0, 0) = 0 [pid 6712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6712] write(3, "1000", 4) = 4 [pid 6712] close(3) = 0 [pid 6712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6712] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6712] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6712] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6713 attached , parent_tid=[6713], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6713 [pid 6712] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6713] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6713] memfd_create("syzkaller", 0) = 3 [pid 6713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6713] munmap(0x7f5464ee2000, 524288) = 0 [pid 6713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6713] close(3) = 0 [pid 6713] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6713] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6713] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6713] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6713] ioctl(4, LOOP_CLR_FD) = 0 [pid 6713] close(4) = 0 [pid 6713] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6713] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6712] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6712] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6713] <... mknodat resumed>) = 0 [pid 6712] <... mprotect resumed>) = 0 [pid 6712] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6714], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6714 ./strace-static-x86_64: Process 6714 attached [pid 6712] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] <... futex resumed>) = 0 [pid 6713] <... futex resumed>) = 0 [pid 6712] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6713] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6714] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6714] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6714] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6714] chdir(".") = 0 [pid 6714] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6714] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] exit_group(0 [pid 6714] <... futex resumed>) = ? [pid 6713] <... futex resumed>) = ? [pid 6712] <... exit_group resumed>) = ? [pid 6714] +++ exited with 0 +++ [pid 6713] +++ exited with 0 +++ [pid 6712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6712, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./568/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 135.816264][ T6713] loop0: detected capacity change from 0 to 1024 umount2("./568/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./568/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./568/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./568/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6715 ./strace-static-x86_64: Process 6715 attached [pid 6715] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6715] chdir("./569") = 0 [pid 6715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6715] setpgid(0, 0) = 0 [pid 6715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6715] write(3, "1000", 4) = 4 [pid 6715] close(3) = 0 [pid 6715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6715] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6715] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6715] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6716 attached , parent_tid=[6716], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6716 [pid 6715] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6716] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6716] memfd_create("syzkaller", 0) = 3 [pid 6716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6716] munmap(0x7f5464ee2000, 524288) = 0 [pid 6716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6716] close(3) = 0 [pid 6716] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6716] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6716] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6716] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6716] ioctl(4, LOOP_CLR_FD) = 0 [pid 6716] close(4) = 0 [pid 6716] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6716] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6715] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6715] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6715] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6717], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6717 [pid 6716] <... mknodat resumed>) = 0 [pid 6715] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6716] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6717 attached [pid 6717] set_robust_list(0x7f5464f619e0, 24 [pid 6716] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] <... set_robust_list resumed>) = 0 [pid 6717] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6717] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6717] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6717] chdir(".") = 0 [pid 6717] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6715] exit_group(0 [pid 6716] <... futex resumed>) = ? [pid 6715] <... exit_group resumed>) = ? [pid 6716] +++ exited with 0 +++ [pid 6717] +++ exited with 0 +++ [pid 6715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6715, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./569/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 135.928622][ T6716] loop0: detected capacity change from 0 to 1024 umount2("./569/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./569/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./569/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./569/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6718 ./strace-static-x86_64: Process 6718 attached [pid 6718] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6718] chdir("./570") = 0 [pid 6718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6718] setpgid(0, 0) = 0 [pid 6718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6718] write(3, "1000", 4) = 4 [pid 6718] close(3) = 0 [pid 6718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6718] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6718] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6718] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6719 attached , parent_tid=[6719], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6719 [pid 6718] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6719] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6719] memfd_create("syzkaller", 0) = 3 [pid 6719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6719] munmap(0x7f5464ee2000, 524288) = 0 [pid 6719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6719] close(3) = 0 [pid 6719] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6719] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6719] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6719] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6719] ioctl(4, LOOP_CLR_FD) = 0 [pid 6719] close(4) = 0 [pid 6719] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... futex resumed>) = 0 [pid 6718] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6718] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6718] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6720], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6720 [pid 6718] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6719] <... futex resumed>) = 1 [pid 6719] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6719] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6720 attached [pid 6720] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6720] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6720] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6720] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6720] chdir(".") = 0 [pid 6720] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... futex resumed>) = 0 [pid 6718] exit_group(0 [pid 6719] <... futex resumed>) = ? [pid 6718] <... exit_group resumed>) = ? [pid 6719] +++ exited with 0 +++ [pid 6720] <... futex resumed>) = ? [pid 6720] +++ exited with 0 +++ [pid 6718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6718, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./570/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./570/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 136.041174][ T6719] loop0: detected capacity change from 0 to 1024 umount2("./570/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./570/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./570/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6721 attached [pid 6721] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6721] chdir("./571" [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6721 [pid 6721] <... chdir resumed>) = 0 [pid 6721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6721] setpgid(0, 0) = 0 [pid 6721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6721] write(3, "1000", 4) = 4 [pid 6721] close(3) = 0 [pid 6721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6721] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6721] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6721] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6722 attached [pid 6722] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6722] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] <... clone resumed>, parent_tid=[6722], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6722 [pid 6721] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] <... futex resumed>) = 0 [pid 6721] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6722] memfd_create("syzkaller", 0) = 3 [pid 6722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6722] munmap(0x7f5464ee2000, 524288) = 0 [pid 6722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6722] close(3) = 0 [pid 6722] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6722] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6722] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6722] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6722] ioctl(4, LOOP_CLR_FD) = 0 [pid 6722] close(4) = 0 [pid 6722] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] <... futex resumed>) = 0 [pid 6721] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6721] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6721] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6723 attached , parent_tid=[6723], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6723 [pid 6721] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6722] <... futex resumed>) = 1 [pid 6722] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6723] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6723] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6723] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6722] <... mknodat resumed>) = 0 [pid 6722] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6723] <... mount resumed>) = 0 [pid 6723] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6723] chdir(".") = 0 [pid 6723] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] <... futex resumed>) = 0 [pid 6723] <... futex resumed>) = 1 [pid 6721] exit_group(0 [pid 6723] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6722] <... futex resumed>) = ? [pid 6721] <... exit_group resumed>) = ? [pid 6722] +++ exited with 0 +++ [pid 6723] <... futex resumed>) = ? [pid 6723] +++ exited with 0 +++ [pid 6721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6721, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 136.141727][ T6722] loop0: detected capacity change from 0 to 1024 umount2("./571/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./571/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./571/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./571/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./571/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6724 ./strace-static-x86_64: Process 6724 attached [pid 6724] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6724] chdir("./572") = 0 [pid 6724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6724] setpgid(0, 0) = 0 [pid 6724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6724] write(3, "1000", 4) = 4 [pid 6724] close(3) = 0 [pid 6724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6724] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6724] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6724] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6725 attached , parent_tid=[6725], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6725 [pid 6724] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6725] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6725] memfd_create("syzkaller", 0) = 3 [pid 6725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6725] munmap(0x7f5464ee2000, 524288) = 0 [pid 6725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6725] close(3) = 0 [pid 6725] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6725] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6725] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6725] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6725] ioctl(4, LOOP_CLR_FD) = 0 [pid 6725] close(4) = 0 [pid 6725] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6724] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6725] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6724] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6724] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6726], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6726 [pid 6724] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6726 attached [pid 6726] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6726] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6726] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6725] <... mknodat resumed>) = 0 [pid 6725] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] <... mount resumed>) = 0 [pid 6726] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6726] chdir(".") = 0 [pid 6726] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6724] exit_group(0 [pid 6725] <... futex resumed>) = ? [pid 6724] <... exit_group resumed>) = ? [pid 6725] +++ exited with 0 +++ [ 136.251612][ T6725] loop0: detected capacity change from 0 to 1024 [pid 6726] +++ exited with 0 +++ [pid 6724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6724, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./572/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./572/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./572/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./572/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./572/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6727 ./strace-static-x86_64: Process 6727 attached [pid 6727] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6727] chdir("./573") = 0 [pid 6727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6727] setpgid(0, 0) = 0 [pid 6727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6727] write(3, "1000", 4) = 4 [pid 6727] close(3) = 0 [pid 6727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6727] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6727] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6727] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6728], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6728 [pid 6727] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6728 attached [pid 6728] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6728] memfd_create("syzkaller", 0) = 3 [pid 6728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6728] munmap(0x7f5464ee2000, 524288) = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6728] close(3) = 0 [pid 6728] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6728] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6728] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6728] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6728] ioctl(4, LOOP_CLR_FD) = 0 [pid 6728] close(4) = 0 [pid 6728] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] <... futex resumed>) = 0 [pid 6727] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6728] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6727] <... mmap resumed>) = 0x7f5464f41000 [pid 6727] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6727] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6729], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6729 [pid 6727] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6729 attached [pid 6729] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6729] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6729] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6728] <... mknodat resumed>) = 0 [pid 6728] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] <... mount resumed>) = 0 [pid 6729] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6729] chdir(".") = 0 [pid 6729] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] <... futex resumed>) = 0 [pid 6729] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] exit_group(0 [pid 6729] <... futex resumed>) = ? [pid 6728] <... futex resumed>) = ? [pid 6727] <... exit_group resumed>) = ? [pid 6728] +++ exited with 0 +++ [pid 6729] +++ exited with 0 +++ [pid 6727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6727, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 136.356833][ T6728] loop0: detected capacity change from 0 to 1024 umount2("./573/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./573/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./573/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./573/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./573/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6730 ./strace-static-x86_64: Process 6730 attached [pid 6730] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6730] chdir("./574") = 0 [pid 6730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6730] setpgid(0, 0) = 0 [pid 6730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6730] write(3, "1000", 4) = 4 [pid 6730] close(3) = 0 [pid 6730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6730] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6730] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6731 attached , parent_tid=[6731], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6731 [pid 6731] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6731] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6730] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6730] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6731] memfd_create("syzkaller", 0) = 3 [pid 6731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6731] munmap(0x7f5464ee2000, 524288) = 0 [pid 6731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6731] close(3) = 0 [pid 6731] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6731] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6731] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6731] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6731] ioctl(4, LOOP_CLR_FD) = 0 [pid 6731] close(4) = 0 [pid 6731] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6730] <... futex resumed>) = 0 [pid 6730] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6730] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6731] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6730] <... clone resumed>, parent_tid=[6732], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6732 [pid 6730] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6732 attached [pid 6731] <... mknodat resumed>) = 0 [pid 6732] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6731] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6732] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6732] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6732] chdir(".") = 0 [pid 6732] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6730] <... futex resumed>) = 0 [pid 6732] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6730] exit_group(0 [pid 6732] <... futex resumed>) = ? [pid 6730] <... exit_group resumed>) = ? [pid 6732] +++ exited with 0 +++ [pid 6731] <... futex resumed>) = ? [pid 6731] +++ exited with 0 +++ [pid 6730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6730, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 136.489785][ T6731] loop0: detected capacity change from 0 to 1024 umount2("./574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./574/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6733 ./strace-static-x86_64: Process 6733 attached [pid 6733] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6733] chdir("./575") = 0 [pid 6733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6733] setpgid(0, 0) = 0 [pid 6733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6733] write(3, "1000", 4) = 4 [pid 6733] close(3) = 0 [pid 6733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6733] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6733] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6733] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6734 attached , parent_tid=[6734], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6734 [pid 6734] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6734] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6733] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6733] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6734] memfd_create("syzkaller", 0) = 3 [pid 6734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6734] munmap(0x7f5464ee2000, 524288) = 0 [pid 6734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6734] close(3) = 0 [pid 6734] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6734] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6734] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6734] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6734] ioctl(4, LOOP_CLR_FD) = 0 [pid 6734] close(4) = 0 [pid 6734] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6733] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6733] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6735], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6735 [pid 6733] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6734] <... futex resumed>) = 1 [pid 6734] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6735 attached [pid 6735] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6735] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6735] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6734] <... mknodat resumed>) = 0 [pid 6735] <... mount resumed>) = 0 [pid 6734] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6735] chdir(".") = 0 [pid 6735] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] exit_group(0 [pid 6734] <... futex resumed>) = ? [pid 6733] <... exit_group resumed>) = ? [pid 6734] +++ exited with 0 +++ [pid 6735] +++ exited with 0 +++ [pid 6733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6733, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 136.593984][ T6734] loop0: detected capacity change from 0 to 1024 umount2("./575/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./575/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./575/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./575/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6736 ./strace-static-x86_64: Process 6736 attached [pid 6736] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6736] chdir("./576") = 0 [pid 6736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6736] setpgid(0, 0) = 0 [pid 6736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6736] write(3, "1000", 4) = 4 [pid 6736] close(3) = 0 [pid 6736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6736] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6736] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6736] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6737 attached , parent_tid=[6737], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6737 [pid 6737] set_robust_list(0x7f546d3029e0, 24 [pid 6736] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... set_robust_list resumed>) = 0 [pid 6736] <... futex resumed>) = 0 [pid 6736] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6737] memfd_create("syzkaller", 0) = 3 [pid 6737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6737] munmap(0x7f5464ee2000, 524288) = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6737] close(3) = 0 [pid 6737] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6737] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6737] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6737] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6737] ioctl(4, LOOP_CLR_FD) = 0 [pid 6737] close(4) = 0 [pid 6737] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6736] <... futex resumed>) = 0 [pid 6737] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6736] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6736] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6736] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6738 attached [pid 6738] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6738] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6736] <... clone resumed>, parent_tid=[6738], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6738 [pid 6736] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6736] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6738] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6738] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6737] <... mknodat resumed>) = 0 [pid 6737] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] <... mount resumed>) = 0 [pid 6738] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6738] chdir(".") = 0 [pid 6738] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... futex resumed>) = 0 [pid 6736] exit_group(0) = ? [pid 6737] <... futex resumed>) = ? [pid 6737] +++ exited with 0 +++ [pid 6738] <... futex resumed>) = ? [pid 6738] +++ exited with 0 +++ [pid 6736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6736, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./576/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 136.711326][ T6737] loop0: detected capacity change from 0 to 1024 umount2("./576/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./576/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./576/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6739 ./strace-static-x86_64: Process 6739 attached [pid 6739] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6739] chdir("./577") = 0 [pid 6739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6739] setpgid(0, 0) = 0 [pid 6739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6739] write(3, "1000", 4) = 4 [pid 6739] close(3) = 0 [pid 6739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6739] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6739] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6739] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6740 attached [pid 6740] set_robust_list(0x7f546d3029e0, 24 [pid 6739] <... clone resumed>, parent_tid=[6740], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6740 [pid 6739] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6740] <... set_robust_list resumed>) = 0 [pid 6740] memfd_create("syzkaller", 0) = 3 [pid 6740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6740] munmap(0x7f5464ee2000, 524288) = 0 [pid 6740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6740] close(3) = 0 [pid 6740] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6740] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6740] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6740] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6740] ioctl(4, LOOP_CLR_FD) = 0 [pid 6740] close(4) = 0 [pid 6740] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6740] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6739] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6739] <... futex resumed>) = 0 [pid 6740] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6739] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] <... mknodat resumed>) = 0 [pid 6740] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] <... futex resumed>) = 0 [pid 6740] <... futex resumed>) = 0 [pid 6739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6740] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6739] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6739] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6741 attached , parent_tid=[6741], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6741 [pid 6739] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6741] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6741] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6741] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6741] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6741] chdir(".") = 0 [pid 6741] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6739] exit_group(0 [pid 6740] <... futex resumed>) = ? [pid 6739] <... exit_group resumed>) = ? [pid 6740] +++ exited with 0 +++ [pid 6741] +++ exited with 0 +++ [pid 6739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6739, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 136.824981][ T6740] loop0: detected capacity change from 0 to 1024 umount2("./577/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./577/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./577/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./577/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6742 ./strace-static-x86_64: Process 6742 attached [pid 6742] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6742] chdir("./578") = 0 [pid 6742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6742] setpgid(0, 0) = 0 [pid 6742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6742] write(3, "1000", 4) = 4 [pid 6742] close(3) = 0 [pid 6742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6742] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6742] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6742] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6743 attached [pid 6743] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6743] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6742] <... clone resumed>, parent_tid=[6743], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6743 [pid 6742] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6743] memfd_create("syzkaller", 0) = 3 [pid 6743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6743] munmap(0x7f5464ee2000, 524288) = 0 [pid 6743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6743] close(3) = 0 [pid 6743] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6743] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6743] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6743] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6743] ioctl(4, LOOP_CLR_FD) = 0 [pid 6743] close(4) = 0 [pid 6743] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] <... futex resumed>) = 0 [pid 6742] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6742] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6742] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6744], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6744 [pid 6742] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6743] <... futex resumed>) = 1 [pid 6743] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6744 attached [pid 6744] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6744] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6744] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6743] <... mknodat resumed>) = 0 [pid 6743] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] <... mount resumed>) = 0 [pid 6744] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6744] chdir(".") = 0 [pid 6744] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6742] <... futex resumed>) = 0 [pid 6744] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6742] exit_group(0 [pid 6744] <... futex resumed>) = ? [pid 6743] <... futex resumed>) = ? [pid 6742] <... exit_group resumed>) = ? [pid 6744] +++ exited with 0 +++ [pid 6743] +++ exited with 0 +++ [pid 6742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6742, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 136.940837][ T6743] loop0: detected capacity change from 0 to 1024 umount2("./578/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./578/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./578/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./578/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./578/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6745 ./strace-static-x86_64: Process 6745 attached [pid 6745] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6745] chdir("./579") = 0 [pid 6745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6745] setpgid(0, 0) = 0 [pid 6745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6745] write(3, "1000", 4) = 4 [pid 6745] close(3) = 0 [pid 6745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6745] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6745] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6745] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6746 attached , parent_tid=[6746], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6746 [pid 6746] set_robust_list(0x7f546d3029e0, 24 [pid 6745] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6746] <... set_robust_list resumed>) = 0 [pid 6746] memfd_create("syzkaller", 0) = 3 [pid 6746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6746] munmap(0x7f5464ee2000, 524288) = 0 [pid 6746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6746] close(3) = 0 [pid 6746] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6746] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6746] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6746] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6746] ioctl(4, LOOP_CLR_FD) = 0 [pid 6746] close(4) = 0 [pid 6746] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6745] <... futex resumed>) = 0 [pid 6746] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6745] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6745] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6745] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6747 attached [pid 6746] <... mknodat resumed>) = 0 [pid 6747] set_robust_list(0x7f5464f619e0, 24 [pid 6745] <... clone resumed>, parent_tid=[6747], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6747 [pid 6747] <... set_robust_list resumed>) = 0 [pid 6745] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = 0 [pid 6746] <... futex resumed>) = 0 [pid 6745] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6746] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6747] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6747] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6747] chdir(".") = 0 [pid 6747] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6747] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] exit_group(0 [pid 6747] <... futex resumed>) = ? [pid 6746] <... futex resumed>) = ? [pid 6745] <... exit_group resumed>) = ? [pid 6747] +++ exited with 0 +++ [pid 6746] +++ exited with 0 +++ [pid 6745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6745, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 137.043426][ T6746] loop0: detected capacity change from 0 to 1024 umount2("./579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./579/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./579/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6748 ./strace-static-x86_64: Process 6748 attached [pid 6748] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6748] chdir("./580") = 0 [pid 6748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6748] setpgid(0, 0) = 0 [pid 6748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6748] write(3, "1000", 4) = 4 [pid 6748] close(3) = 0 [pid 6748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6748] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6748] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6748] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6749], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6749 [pid 6748] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6749 attached [pid 6749] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6749] memfd_create("syzkaller", 0) = 3 [pid 6749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6749] munmap(0x7f5464ee2000, 524288) = 0 [pid 6749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6749] close(3) = 0 [pid 6749] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6749] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6749] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6749] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6749] ioctl(4, LOOP_CLR_FD) = 0 [pid 6749] close(4) = 0 [pid 6749] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... futex resumed>) = 0 [pid 6748] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6748] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6748] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6750], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6750 [pid 6748] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6749] <... futex resumed>) = 1 [pid 6749] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6749] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6750 attached [pid 6750] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6750] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6750] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6750] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6750] chdir(".") = 0 [pid 6750] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... futex resumed>) = 0 [pid 6748] exit_group(0) = ? [pid 6749] <... futex resumed>) = ? [pid 6749] +++ exited with 0 +++ [pid 6750] <... futex resumed>) = ? [pid 6750] +++ exited with 0 +++ [pid 6748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6748, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./580/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./580/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./580/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./580/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./580/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6751 ./strace-static-x86_64: Process 6751 attached [pid 6751] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6751] chdir("./581") = 0 [pid 6751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6751] setpgid(0, 0) = 0 [pid 6751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6751] write(3, "1000", 4) = 4 [pid 6751] close(3) = 0 [pid 6751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6751] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 137.138048][ T6749] loop0: detected capacity change from 0 to 1024 [pid 6751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6751] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6751] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6752], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6752 [pid 6751] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6752 attached [pid 6752] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6752] memfd_create("syzkaller", 0) = 3 [pid 6752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6752] munmap(0x7f5464ee2000, 524288) = 0 [pid 6752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6752] close(3) = 0 [pid 6752] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6752] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6752] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6752] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6752] ioctl(4, LOOP_CLR_FD) = 0 [pid 6752] close(4) = 0 [pid 6752] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... futex resumed>) = 0 [pid 6751] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6751] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6751] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6753], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6753 [pid 6751] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6752] <... futex resumed>) = 1 [pid 6752] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6752] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6753 attached [pid 6753] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6753] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6753] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6753] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6753] chdir(".") = 0 [pid 6753] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... futex resumed>) = 0 [pid 6751] exit_group(0) = ? [pid 6752] <... futex resumed>) = ? [pid 6752] +++ exited with 0 +++ [pid 6753] <... futex resumed>) = ? [pid 6753] +++ exited with 0 +++ [pid 6751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6751, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./581/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 137.218514][ T6752] loop0: detected capacity change from 0 to 1024 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6754 ./strace-static-x86_64: Process 6754 attached [pid 6754] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6754] chdir("./582") = 0 [pid 6754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6754] setpgid(0, 0) = 0 [pid 6754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6754] write(3, "1000", 4) = 4 [pid 6754] close(3) = 0 [pid 6754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6754] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6754] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6754] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6755 attached , parent_tid=[6755], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6755 [pid 6755] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6754] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6755] memfd_create("syzkaller", 0) = 3 [pid 6755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6755] munmap(0x7f5464ee2000, 524288) = 0 [pid 6755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6755] close(3) = 0 [pid 6755] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6755] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6755] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6755] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6755] ioctl(4, LOOP_CLR_FD) = 0 [pid 6755] close(4) = 0 [pid 6755] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6754] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6755] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6754] <... mmap resumed>) = 0x7f5464f41000 [pid 6754] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6754] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6756], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6756 [pid 6754] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6755] <... mknodat resumed>) = 0 [ 137.324506][ T6755] loop0: detected capacity change from 0 to 1024 [pid 6755] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6756 attached [pid 6756] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6756] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6756] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6756] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6756] chdir(".") = 0 [pid 6756] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6756] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6754] exit_group(0 [pid 6756] <... futex resumed>) = ? [pid 6754] <... exit_group resumed>) = ? [pid 6756] +++ exited with 0 +++ [pid 6755] <... futex resumed>) = ? [pid 6755] +++ exited with 0 +++ [pid 6754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6754, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./582/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./582/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./582/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./582/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./582/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6757 ./strace-static-x86_64: Process 6757 attached [pid 6757] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6757] chdir("./583") = 0 [pid 6757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6757] setpgid(0, 0) = 0 [pid 6757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6757] write(3, "1000", 4) = 4 [pid 6757] close(3) = 0 [pid 6757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6757] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6757] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6757] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6758 attached , parent_tid=[6758], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6758 [pid 6758] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6758] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6757] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6758] <... futex resumed>) = 0 [pid 6757] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6758] memfd_create("syzkaller", 0) = 3 [pid 6758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6758] munmap(0x7f5464ee2000, 524288) = 0 [pid 6758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6758] close(3) = 0 [pid 6758] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6758] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6758] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6758] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6758] ioctl(4, LOOP_CLR_FD) = 0 [pid 6758] close(4) = 0 [pid 6758] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6757] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6757] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6757] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6757] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6759], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6759 [pid 6757] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6757] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6758] <... futex resumed>) = 1 [pid 6758] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6759 attached [pid 6759] set_robust_list(0x7f5464f619e0, 24 [pid 6758] <... mknodat resumed>) = 0 [pid 6758] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] <... set_robust_list resumed>) = 0 [pid 6759] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6759] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6759] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6759] chdir(".") = 0 [pid 6759] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6757] exit_group(0 [pid 6758] <... futex resumed>) = ? [pid 6757] <... exit_group resumed>) = ? [pid 6758] +++ exited with 0 +++ [pid 6759] <... futex resumed>) = ? [pid 6759] +++ exited with 0 +++ [pid 6757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6757, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./583/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./583/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./583/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 137.487573][ T6758] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./583/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./583/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6760 ./strace-static-x86_64: Process 6760 attached [pid 6760] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6760] chdir("./584") = 0 [pid 6760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6760] setpgid(0, 0) = 0 [pid 6760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6760] write(3, "1000", 4) = 4 [pid 6760] close(3) = 0 [pid 6760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6760] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6760] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6760] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6761 attached [pid 6761] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6761] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... clone resumed>, parent_tid=[6761], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6761 [pid 6760] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6761] <... futex resumed>) = 0 [pid 6760] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6761] memfd_create("syzkaller", 0) = 3 [pid 6761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6761] munmap(0x7f5464ee2000, 524288) = 0 [pid 6761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6761] close(3) = 0 [pid 6761] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6761] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6761] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6761] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6761] ioctl(4, LOOP_CLR_FD) = 0 [pid 6761] close(4) = 0 [pid 6761] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6760] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6760] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6761] <... futex resumed>) = 1 [pid 6760] <... clone resumed>, parent_tid=[6762], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6762 [pid 6761] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6760] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6762 attached [pid 6762] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6762] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6762] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6761] <... mknodat resumed>) = 0 [pid 6761] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6761] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] <... mount resumed>) = 0 [pid 6762] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6762] chdir(".") = 0 [pid 6762] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... futex resumed>) = 0 [pid 6760] exit_group(0) = ? [pid 6761] <... futex resumed>) = ? [pid 6762] <... futex resumed>) = ? [pid 6761] +++ exited with 0 +++ [pid 6762] +++ exited with 0 +++ [pid 6760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6760, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./584/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6763 [ 137.597493][ T6761] loop0: detected capacity change from 0 to 1024 ./strace-static-x86_64: Process 6763 attached [pid 6763] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6763] chdir("./585") = 0 [pid 6763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6763] setpgid(0, 0) = 0 [pid 6763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6763] write(3, "1000", 4) = 4 [pid 6763] close(3) = 0 [pid 6763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6763] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6763] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6763] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6764 attached , parent_tid=[6764], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6764 [pid 6764] set_robust_list(0x7f546d3029e0, 24 [pid 6763] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... set_robust_list resumed>) = 0 [pid 6763] <... futex resumed>) = 0 [pid 6763] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6764] memfd_create("syzkaller", 0) = 3 [pid 6764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6764] munmap(0x7f5464ee2000, 524288) = 0 [pid 6764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6764] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6764] close(3) = 0 [pid 6764] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6764] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6764] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6764] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6764] ioctl(4, LOOP_CLR_FD) = 0 [pid 6764] close(4) = 0 [pid 6764] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6763] <... futex resumed>) = 0 [pid 6763] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6763] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6764] <... futex resumed>) = 0 [pid 6763] <... mmap resumed>) = 0x7f5464f41000 [pid 6763] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6763] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6764] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6763] <... clone resumed>, parent_tid=[6765], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6765 [pid 6763] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6763] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6764] <... mknodat resumed>) = 0 [pid 6764] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6765 attached [pid 6765] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6765] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6765] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6765] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6765] chdir(".") = 0 [pid 6765] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6763] <... futex resumed>) = 0 [pid 6765] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6763] exit_group(0 [pid 6765] <... futex resumed>) = ? [pid 6764] <... futex resumed>) = ? [pid 6763] <... exit_group resumed>) = ? [pid 6765] +++ exited with 0 +++ [pid 6764] +++ exited with 0 +++ [pid 6763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6763, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./585/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./585/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 137.690189][ T6764] loop0: detected capacity change from 0 to 1024 lstat("./585/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./585/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./585/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./585/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6766 ./strace-static-x86_64: Process 6766 attached [pid 6766] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6766] chdir("./586") = 0 [pid 6766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6766] setpgid(0, 0) = 0 [pid 6766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6766] write(3, "1000", 4) = 4 [pid 6766] close(3) = 0 [pid 6766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6766] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6766] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6766] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6767 attached [pid 6767] set_robust_list(0x7f546d3029e0, 24 [pid 6766] <... clone resumed>, parent_tid=[6767], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6767 [pid 6767] <... set_robust_list resumed>) = 0 [pid 6766] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6767] memfd_create("syzkaller", 0) = 3 [pid 6767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6767] munmap(0x7f5464ee2000, 524288) = 0 [pid 6767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6767] close(3) = 0 [pid 6767] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6767] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6767] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6767] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6767] ioctl(4, LOOP_CLR_FD) = 0 [pid 6767] close(4) = 0 [pid 6767] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6766] <... futex resumed>) = 0 [pid 6767] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6766] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6767] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6766] <... futex resumed>) = 0 [pid 6766] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6766] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6767] <... mknodat resumed>) = 0 [pid 6767] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6766] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6768], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6768 ./strace-static-x86_64: Process 6768 attached [pid 6766] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] set_robust_list(0x7f5464f619e0, 24 [pid 6766] <... futex resumed>) = 0 [pid 6768] <... set_robust_list resumed>) = 0 [pid 6766] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6768] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6768] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6768] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6768] chdir(".") = 0 [pid 6768] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... futex resumed>) = 0 [pid 6768] <... futex resumed>) = 1 [pid 6766] exit_group(0 [pid 6767] <... futex resumed>) = ? [pid 6766] <... exit_group resumed>) = ? [pid 6768] +++ exited with 0 +++ [pid 6767] +++ exited with 0 +++ [pid 6766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6766, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 137.807657][ T6767] loop0: detected capacity change from 0 to 1024 umount2("./586/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./586/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./586/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./586/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6769 ./strace-static-x86_64: Process 6769 attached [pid 6769] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6769] chdir("./587") = 0 [pid 6769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6769] setpgid(0, 0) = 0 [pid 6769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6769] write(3, "1000", 4) = 4 [pid 6769] close(3) = 0 [pid 6769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6769] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6769] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6769] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6770], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6770 [pid 6769] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6770 attached [pid 6770] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6770] memfd_create("syzkaller", 0) = 3 [pid 6770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6770] munmap(0x7f5464ee2000, 524288) = 0 [pid 6770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6770] close(3) = 0 [pid 6770] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6770] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6770] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6770] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6770] ioctl(4, LOOP_CLR_FD) = 0 [pid 6770] close(4) = 0 [pid 6770] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 0 [pid 6769] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6769] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6769] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6771], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6771 [pid 6769] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6770] <... futex resumed>) = 1 [pid 6770] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6770] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6771 attached [pid 6771] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6771] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6771] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6771] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6771] chdir(".") = 0 [pid 6771] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 0 [pid 6769] exit_group(0) = ? [pid 6770] <... futex resumed>) = ? [pid 6770] +++ exited with 0 +++ [pid 6771] <... futex resumed>) = ? [pid 6771] +++ exited with 0 +++ [pid 6769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6769, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 137.914453][ T6770] loop0: detected capacity change from 0 to 1024 umount2("./587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./587/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6772 ./strace-static-x86_64: Process 6772 attached [pid 6772] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6772] chdir("./588") = 0 [pid 6772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6772] setpgid(0, 0) = 0 [pid 6772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6772] write(3, "1000", 4) = 4 [pid 6772] close(3) = 0 [pid 6772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6772] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6772] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6772] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6773], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6773 [pid 6772] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6772] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6773 attached [pid 6773] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6773] memfd_create("syzkaller", 0) = 3 [pid 6773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6773] munmap(0x7f5464ee2000, 524288) = 0 [pid 6773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6773] close(3) = 0 [pid 6773] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6773] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6773] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6773] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6773] ioctl(4, LOOP_CLR_FD) = 0 [pid 6773] close(4) = 0 [pid 6773] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] <... futex resumed>) = 0 [pid 6772] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6772] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6773] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6772] <... mmap resumed>) = 0x7f5464f41000 [pid 6772] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6772] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6774], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6774 [pid 6772] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6772] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6774 attached [pid 6774] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6774] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6774] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6773] <... mknodat resumed>) = 0 [pid 6773] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... mount resumed>) = 0 [pid 6774] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6774] chdir(".") = 0 [pid 6774] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] <... futex resumed>) = 0 [pid 6772] exit_group(0 [pid 6773] <... futex resumed>) = ? [pid 6772] <... exit_group resumed>) = ? [pid 6773] +++ exited with 0 +++ [ 138.022599][ T6773] loop0: detected capacity change from 0 to 1024 [pid 6774] +++ exited with 0 +++ [pid 6772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6772, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./588", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./588/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./588/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./588/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./588/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./588/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./588/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./588") = 0 mkdir("./589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6775 ./strace-static-x86_64: Process 6775 attached [pid 6775] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6775] chdir("./589") = 0 [pid 6775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6775] setpgid(0, 0) = 0 [pid 6775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6775] write(3, "1000", 4) = 4 [pid 6775] close(3) = 0 [pid 6775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6775] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6775] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6775] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6776], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6776 [pid 6775] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6776 attached [pid 6776] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6776] memfd_create("syzkaller", 0) = 3 [pid 6776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6776] munmap(0x7f5464ee2000, 524288) = 0 [pid 6776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6776] close(3) = 0 [pid 6776] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6776] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6776] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6776] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6776] ioctl(4, LOOP_CLR_FD) = 0 [pid 6776] close(4) = 0 [pid 6776] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6776] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6775] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6776] <... mknodat resumed>) = 0 [pid 6775] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6776] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... mprotect resumed>) = 0 [pid 6775] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6776] <... futex resumed>) = 0 [pid 6775] <... clone resumed>, parent_tid=[6777], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6777 [pid 6775] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6776] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6777 attached [pid 6777] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6777] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6777] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6777] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6777] chdir(".") = 0 [pid 6777] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = 0 [pid 6775] exit_group(0) = ? [pid 6776] <... futex resumed>) = ? [pid 6777] <... futex resumed>) = ? [pid 6777] +++ exited with 0 +++ [pid 6776] +++ exited with 0 +++ [pid 6775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6775, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./589", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 138.157357][ T6776] loop0: detected capacity change from 0 to 1024 umount2("./589/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./589/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./589/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./589/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./589/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./589/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./589") = 0 mkdir("./590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6778 ./strace-static-x86_64: Process 6778 attached [pid 6778] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6778] chdir("./590") = 0 [pid 6778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6778] setpgid(0, 0) = 0 [pid 6778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6778] write(3, "1000", 4) = 4 [pid 6778] close(3) = 0 [pid 6778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6778] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6778] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6778] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6779], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6779 [pid 6778] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6778] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6779 attached [pid 6779] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6779] memfd_create("syzkaller", 0) = 3 [pid 6779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6779] munmap(0x7f5464ee2000, 524288) = 0 [pid 6779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6779] close(3) = 0 [pid 6779] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6779] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6779] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6779] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6779] ioctl(4, LOOP_CLR_FD) = 0 [pid 6779] close(4) = 0 [pid 6779] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... futex resumed>) = 0 [pid 6778] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6778] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6778] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6778] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6780], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6780 [pid 6778] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6778] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6779] <... futex resumed>) = 1 [pid 6779] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6779] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6780 attached [pid 6780] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6780] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6780] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6780] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6780] chdir(".") = 0 [pid 6780] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6778] <... futex resumed>) = 0 [pid 6778] exit_group(0 [pid 6779] <... futex resumed>) = ? [pid 6778] <... exit_group resumed>) = ? [pid 6780] +++ exited with 0 +++ [pid 6779] +++ exited with 0 +++ [pid 6778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6778, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./590", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 138.311453][ T6779] loop0: detected capacity change from 0 to 1024 umount2("./590/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./590/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./590/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./590/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./590/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./590/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./590") = 0 mkdir("./591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6781 ./strace-static-x86_64: Process 6781 attached [pid 6781] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6781] chdir("./591") = 0 [pid 6781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6781] setpgid(0, 0) = 0 [pid 6781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6781] write(3, "1000", 4) = 4 [pid 6781] close(3) = 0 [pid 6781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6781] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6781] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6781] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6782], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6782 ./strace-static-x86_64: Process 6782 attached [pid 6782] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6782] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6781] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6782] <... futex resumed>) = 0 [pid 6782] memfd_create("syzkaller", 0) = 3 [pid 6782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6782] munmap(0x7f5464ee2000, 524288) = 0 [pid 6782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6782] close(3) = 0 [pid 6782] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6782] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6782] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6782] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6782] ioctl(4, LOOP_CLR_FD) = 0 [pid 6782] close(4) = 0 [pid 6782] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6782] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6781] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6781] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6781] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6783], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6783 [pid 6781] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6782] <... mknodat resumed>) = 0 [pid 6782] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6782] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6783 attached [pid 6783] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6783] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6783] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6783] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6783] chdir(".") = 0 [pid 6783] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = 1 [pid 6781] exit_group(0 [pid 6783] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6781] <... exit_group resumed>) = ? [pid 6783] <... futex resumed>) = ? [pid 6782] <... futex resumed>) = ? [pid 6782] +++ exited with 0 +++ [pid 6783] +++ exited with 0 +++ [pid 6781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6781, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./591", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 138.445331][ T6782] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./591/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./591/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./591/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./591/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./591/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./591/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./591") = 0 mkdir("./592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6784 ./strace-static-x86_64: Process 6784 attached [pid 6784] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6784] chdir("./592") = 0 [pid 6784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6784] setpgid(0, 0) = 0 [pid 6784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6784] write(3, "1000", 4) = 4 [pid 6784] close(3) = 0 [pid 6784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6784] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6784] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6784] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6785 attached , parent_tid=[6785], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6785 [pid 6785] set_robust_list(0x7f546d3029e0, 24 [pid 6784] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... set_robust_list resumed>) = 0 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6785] memfd_create("syzkaller", 0) = 3 [pid 6785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6785] munmap(0x7f5464ee2000, 524288) = 0 [pid 6785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6785] close(3) = 0 [pid 6785] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6785] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6785] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6785] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6785] ioctl(4, LOOP_CLR_FD) = 0 [pid 6785] close(4) = 0 [pid 6785] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... futex resumed>) = 0 [pid 6784] <... futex resumed>) = 1 [pid 6785] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6784] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6784] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6784] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6786], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6786 [pid 6784] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6785] <... mknodat resumed>) = 0 [pid 6785] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6785] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6786 attached [pid 6786] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6786] mkdir(".", 0777) = -1 EEXIST (File exists) [ 138.606452][ T6785] loop0: detected capacity change from 0 to 1024 [pid 6786] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6786] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6786] chdir(".") = 0 [pid 6786] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6786] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6784] exit_group(0 [pid 6786] <... futex resumed>) = ? [pid 6785] <... futex resumed>) = ? [pid 6784] <... exit_group resumed>) = ? [pid 6785] +++ exited with 0 +++ [pid 6786] +++ exited with 0 +++ [pid 6784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6784, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./592", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./592/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./592/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./592") = 0 mkdir("./593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6787 ./strace-static-x86_64: Process 6787 attached [pid 6787] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6787] chdir("./593") = 0 [pid 6787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6787] setpgid(0, 0) = 0 [pid 6787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6787] write(3, "1000", 4) = 4 [pid 6787] close(3) = 0 [pid 6787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6787] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6787] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6787] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6788 attached , parent_tid=[6788], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6788 [pid 6788] set_robust_list(0x7f546d3029e0, 24 [pid 6787] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6788] <... set_robust_list resumed>) = 0 [pid 6788] memfd_create("syzkaller", 0) = 3 [pid 6788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6788] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6788] munmap(0x7f5464ee2000, 524288) = 0 [pid 6788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6788] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6788] close(3) = 0 [pid 6788] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6788] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6788] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6788] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6788] ioctl(4, LOOP_CLR_FD) = 0 [pid 6788] close(4) = 0 [pid 6788] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6787] <... futex resumed>) = 0 [pid 6787] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6787] <... futex resumed>) = 0 [pid 6787] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6787] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6787] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6789], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6789 [pid 6787] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6789 attached [pid 6789] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6789] mkdir(".", 0777 [pid 6788] <... mknodat resumed>) = 0 [pid 6789] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6788] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] <... mount resumed>) = 0 [pid 6789] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6789] chdir(".") = 0 [pid 6789] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6787] <... futex resumed>) = 0 [pid 6789] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6787] exit_group(0) = ? [pid 6788] <... futex resumed>) = ? [pid 6789] <... futex resumed>) = ? [pid 6788] +++ exited with 0 +++ [pid 6789] +++ exited with 0 +++ [pid 6787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6787, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./593", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 138.781513][ T6788] loop0: detected capacity change from 0 to 1024 umount2("./593/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./593/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./593/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./593/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./593/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./593/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./593") = 0 mkdir("./594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6790 ./strace-static-x86_64: Process 6790 attached [pid 6790] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6790] chdir("./594") = 0 [pid 6790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6790] setpgid(0, 0) = 0 [pid 6790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6790] write(3, "1000", 4) = 4 [pid 6790] close(3) = 0 [pid 6790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6790] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6790] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6790] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6791 attached , parent_tid=[6791], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6791 [pid 6791] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6791] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6790] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6790] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6791] memfd_create("syzkaller", 0) = 3 [pid 6791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6791] munmap(0x7f5464ee2000, 524288) = 0 [pid 6791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6791] close(3) = 0 [pid 6791] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6791] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6791] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6791] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6791] ioctl(4, LOOP_CLR_FD) = 0 [pid 6791] close(4) = 0 [pid 6791] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... futex resumed>) = 0 [pid 6790] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6790] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6790] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6790] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6792], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6792 [pid 6790] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6790] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6791] <... futex resumed>) = 1 [pid 6791] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6791] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6792 attached [pid 6792] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6792] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6792] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6792] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6792] chdir(".") = 0 [ 138.896885][ T6791] loop0: detected capacity change from 0 to 1024 [pid 6792] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6790] <... futex resumed>) = 0 [pid 6792] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6790] exit_group(0 [pid 6791] <... futex resumed>) = ? [pid 6790] <... exit_group resumed>) = ? [pid 6792] <... futex resumed>) = ? [pid 6791] +++ exited with 0 +++ [pid 6792] +++ exited with 0 +++ [pid 6790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6790, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./594", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./594/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./594/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./594/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./594/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./594/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./594/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./594") = 0 mkdir("./595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6793 ./strace-static-x86_64: Process 6793 attached [pid 6793] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6793] chdir("./595") = 0 [pid 6793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6793] setpgid(0, 0) = 0 [pid 6793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6793] write(3, "1000", 4) = 4 [pid 6793] close(3) = 0 [pid 6793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6793] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6793] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6793] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6794 attached , parent_tid=[6794], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6794 [pid 6794] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6794] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6793] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6793] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6794] <... futex resumed>) = 0 [pid 6794] memfd_create("syzkaller", 0) = 3 [pid 6794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6794] munmap(0x7f5464ee2000, 524288) = 0 [pid 6794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6794] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6794] close(3) = 0 [pid 6794] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6794] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6794] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6794] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6794] ioctl(4, LOOP_CLR_FD) = 0 [pid 6794] close(4) = 0 [pid 6794] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = 0 [pid 6793] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6793] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6793] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6793] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6795], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6795 [pid 6793] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6795 attached [pid 6793] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6794] <... futex resumed>) = 1 [pid 6794] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6795] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6795] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6795] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6794] <... mknodat resumed>) = 0 [pid 6794] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] <... mount resumed>) = 0 [pid 6795] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6795] chdir(".") = 0 [pid 6795] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6793] <... futex resumed>) = 0 [pid 6793] exit_group(0 [pid 6794] <... futex resumed>) = ? [pid 6793] <... exit_group resumed>) = ? [pid 6794] +++ exited with 0 +++ [pid 6795] +++ exited with 0 +++ [pid 6793] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6793, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./595", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 139.027763][ T6794] loop0: detected capacity change from 0 to 1024 umount2("./595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./595/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./595/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./595/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./595") = 0 mkdir("./596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6796 ./strace-static-x86_64: Process 6796 attached [pid 6796] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6796] chdir("./596") = 0 [pid 6796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6796] setpgid(0, 0) = 0 [pid 6796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6796] write(3, "1000", 4) = 4 [pid 6796] close(3) = 0 [pid 6796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6796] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6796] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6796] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6797], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6797 [pid 6796] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6797 attached [pid 6797] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6797] memfd_create("syzkaller", 0) = 3 [pid 6797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6797] munmap(0x7f5464ee2000, 524288) = 0 [pid 6797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6797] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6797] close(3) = 0 [pid 6797] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6797] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6797] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6797] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6797] ioctl(4, LOOP_CLR_FD) = 0 [pid 6797] close(4) = 0 [pid 6797] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6796] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6796] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6796] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6798], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6798 [pid 6796] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6797] <... futex resumed>) = 1 [pid 6797] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6797] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6797] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6798 attached [pid 6798] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6798] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6798] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6798] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6798] chdir(".") = 0 [ 139.126130][ T6797] loop0: detected capacity change from 0 to 1024 [pid 6798] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6796] <... futex resumed>) = 0 [pid 6796] exit_group(0 [pid 6797] <... futex resumed>) = ? [pid 6796] <... exit_group resumed>) = ? [pid 6797] +++ exited with 0 +++ [pid 6798] +++ exited with 0 +++ [pid 6796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6796, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./596", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./596/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./596/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./596/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./596/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./596/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./596/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./596") = 0 mkdir("./597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6799 ./strace-static-x86_64: Process 6799 attached [pid 6799] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6799] chdir("./597") = 0 [pid 6799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6799] setpgid(0, 0) = 0 [pid 6799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6799] write(3, "1000", 4) = 4 [pid 6799] close(3) = 0 [pid 6799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6799] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6799] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6799] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6800], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6800 [pid 6799] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6800 attached [pid 6800] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6800] memfd_create("syzkaller", 0) = 3 [pid 6800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6800] munmap(0x7f5464ee2000, 524288) = 0 [pid 6800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6800] close(3) = 0 [pid 6800] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6800] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6800] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6800] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6800] ioctl(4, LOOP_CLR_FD) = 0 [pid 6800] close(4) = 0 [pid 6800] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6800] <... futex resumed>) = 1 [pid 6799] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6800] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6799] <... mprotect resumed>) = 0 [pid 6799] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6801], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6801 [pid 6799] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6801 attached [pid 6801] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6801] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6801] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6800] <... mknodat resumed>) = 0 [pid 6800] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] <... mount resumed>) = 0 [pid 6801] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6801] chdir(".") = 0 [pid 6801] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6801] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6799] exit_group(0 [pid 6801] <... futex resumed>) = ? [pid 6799] <... exit_group resumed>) = ? [pid 6800] <... futex resumed>) = ? [pid 6800] +++ exited with 0 +++ [pid 6801] +++ exited with 0 +++ [pid 6799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6799, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./597", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./597/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./597/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./597/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 139.258002][ T6800] loop0: detected capacity change from 0 to 1024 rmdir("./597/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./597/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./597/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./597") = 0 mkdir("./598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6802 ./strace-static-x86_64: Process 6802 attached [pid 6802] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6802] chdir("./598") = 0 [pid 6802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6802] setpgid(0, 0) = 0 [pid 6802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6802] write(3, "1000", 4) = 4 [pid 6802] close(3) = 0 [pid 6802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6802] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6802] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6802] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6803], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6803 [pid 6802] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6803 attached [pid 6803] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6803] memfd_create("syzkaller", 0) = 3 [pid 6803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6803] munmap(0x7f5464ee2000, 524288) = 0 [pid 6803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6803] close(3) = 0 [pid 6803] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6803] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6803] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6803] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6803] ioctl(4, LOOP_CLR_FD) = 0 [pid 6803] close(4) = 0 [pid 6803] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = 0 [pid 6803] <... futex resumed>) = 1 [pid 6802] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6802] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6802] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6804], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6804 [pid 6802] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6804 attached [pid 6804] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6804] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6804] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6803] <... mknodat resumed>) = 0 [pid 6803] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... mount resumed>) = 0 [pid 6804] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6804] chdir(".") = 0 [pid 6804] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6804] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] exit_group(0) = ? [pid 6804] <... futex resumed>) = ? [pid 6804] +++ exited with 0 +++ [pid 6803] <... futex resumed>) = ? [pid 6803] +++ exited with 0 +++ [pid 6802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6802, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./598", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./598/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./598/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 139.360390][ T6803] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./598") = 0 mkdir("./599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6805 attached [pid 6805] set_robust_list(0x5555561b25e0, 24 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6805 [pid 6805] <... set_robust_list resumed>) = 0 [pid 6805] chdir("./599") = 0 [pid 6805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6805] setpgid(0, 0) = 0 [pid 6805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6805] write(3, "1000", 4) = 4 [pid 6805] close(3) = 0 [pid 6805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6805] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6805] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6805] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6806 attached , parent_tid=[6806], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6806 [pid 6805] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6805] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6806] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6806] memfd_create("syzkaller", 0) = 3 [pid 6806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6806] munmap(0x7f5464ee2000, 524288) = 0 [pid 6806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6806] close(3) = 0 [pid 6806] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6806] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6806] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6806] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6806] ioctl(4, LOOP_CLR_FD) = 0 [pid 6806] close(4) = 0 [pid 6806] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... futex resumed>) = 0 [pid 6805] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6805] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6805] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6805] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6807], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6807 [pid 6806] <... futex resumed>) = 1 [pid 6805] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6805] <... futex resumed>) = 0 [pid 6805] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6807 attached [pid 6807] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6806] <... mknodat resumed>) = 0 [pid 6806] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6807] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6807] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6807] chdir(".") = 0 [pid 6807] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] <... futex resumed>) = 0 [pid 6805] exit_group(0 [pid 6806] <... futex resumed>) = ? [pid 6805] <... exit_group resumed>) = ? [pid 6806] +++ exited with 0 +++ [pid 6807] +++ exited with 0 +++ [pid 6805] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6805, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./599", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./599/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./599/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 139.476110][ T6806] loop0: detected capacity change from 0 to 1024 lstat("./599/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./599/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./599/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./599/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./599/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./599") = 0 mkdir("./600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6808 ./strace-static-x86_64: Process 6808 attached [pid 6808] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6808] chdir("./600") = 0 [pid 6808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6808] setpgid(0, 0) = 0 [pid 6808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6808] write(3, "1000", 4) = 4 [pid 6808] close(3) = 0 [pid 6808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6808] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6808] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6808] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6809], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6809 [pid 6808] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6809 attached [pid 6809] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6809] memfd_create("syzkaller", 0) = 3 [pid 6809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6809] munmap(0x7f5464ee2000, 524288) = 0 [pid 6809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6809] close(3) = 0 [pid 6809] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6809] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6809] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6809] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6809] ioctl(4, LOOP_CLR_FD) = 0 [pid 6809] close(4) = 0 [pid 6809] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] <... futex resumed>) = 0 [pid 6809] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6808] <... futex resumed>) = 0 [pid 6809] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6808] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... mknodat resumed>) = 0 [pid 6808] <... futex resumed>) = 0 [pid 6808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6809] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] <... mmap resumed>) = 0x7f5464f41000 [pid 6809] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6808] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6810 attached , parent_tid=[6810], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6810 [pid 6808] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] set_robust_list(0x7f5464f619e0, 24 [pid 6808] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6810] <... set_robust_list resumed>) = 0 [pid 6810] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6810] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6810] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6810] chdir(".") = 0 [pid 6810] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] <... futex resumed>) = 0 [pid 6810] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] exit_group(0 [pid 6810] <... futex resumed>) = ? [pid 6809] <... futex resumed>) = ? [pid 6808] <... exit_group resumed>) = ? [pid 6810] +++ exited with 0 +++ [pid 6809] +++ exited with 0 +++ [pid 6808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6808, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./600", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 139.588623][ T6809] loop0: detected capacity change from 0 to 1024 umount2("./600/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./600/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./600/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./600/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./600/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./600/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./600") = 0 mkdir("./601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6811 ./strace-static-x86_64: Process 6811 attached [pid 6811] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6811] chdir("./601") = 0 [pid 6811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6811] setpgid(0, 0) = 0 [pid 6811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6811] write(3, "1000", 4) = 4 [pid 6811] close(3) = 0 [pid 6811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6811] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6811] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6811] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6812 attached , parent_tid=[6812], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6812 [pid 6811] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6811] <... futex resumed>) = 0 [pid 6811] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6812] memfd_create("syzkaller", 0) = 3 [pid 6812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6812] munmap(0x7f5464ee2000, 524288) = 0 [pid 6812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6812] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6812] close(3) = 0 [pid 6812] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6812] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6812] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6812] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6812] ioctl(4, LOOP_CLR_FD) = 0 [pid 6812] close(4) = 0 [pid 6812] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... futex resumed>) = 0 [pid 6811] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6811] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6811] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6813], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6813 [pid 6811] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6812] <... futex resumed>) = 1 [pid 6812] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6812] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6813 attached [pid 6813] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6813] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6813] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6813] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6813] chdir(".") = 0 [pid 6813] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6811] <... futex resumed>) = 0 [pid 6811] exit_group(0) = ? [pid 6812] <... futex resumed>) = ? [pid 6813] +++ exited with 0 +++ [pid 6812] +++ exited with 0 +++ [pid 6811] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6811, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./601", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./601/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./601/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./601/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./601/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./601/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./601/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./601") = 0 [ 139.707191][ T6812] loop0: detected capacity change from 0 to 1024 mkdir("./602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6814 ./strace-static-x86_64: Process 6814 attached [pid 6814] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6814] chdir("./602") = 0 [pid 6814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6814] setpgid(0, 0) = 0 [pid 6814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6814] write(3, "1000", 4) = 4 [pid 6814] close(3) = 0 [pid 6814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6814] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6814] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6814] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6815], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6815 [pid 6814] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6815 attached [pid 6815] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6815] memfd_create("syzkaller", 0) = 3 [pid 6815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6815] munmap(0x7f5464ee2000, 524288) = 0 [pid 6815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6815] close(3) = 0 [pid 6815] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6815] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6815] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6815] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6815] ioctl(4, LOOP_CLR_FD) = 0 [pid 6815] close(4) = 0 [pid 6815] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6814] <... futex resumed>) = 0 [pid 6814] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6815] <... futex resumed>) = 0 [pid 6815] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6814] <... mmap resumed>) = 0x7f5464f41000 [pid 6814] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6814] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6816 attached [pid 6816] set_robust_list(0x7f5464f619e0, 24 [pid 6814] <... clone resumed>, parent_tid=[6816], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6816 [pid 6816] <... set_robust_list resumed>) = 0 [pid 6814] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6816] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6816] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6816] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6816] chdir(".") = 0 [pid 6816] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6816] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6815] <... mknodat resumed>) = 0 [pid 6815] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] exit_group(0) = ? [pid 6816] <... futex resumed>) = ? [pid 6816] +++ exited with 0 +++ [pid 6815] <... futex resumed>) = ? [pid 6815] +++ exited with 0 +++ [pid 6814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6814, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./602", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 139.822358][ T6815] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./602/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./602/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./602/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./602/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./602/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./602/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./602") = 0 mkdir("./603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6817 attached [pid 6817] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6817] chdir("./603") = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6817 [pid 6817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6817] setpgid(0, 0) = 0 [pid 6817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6817] write(3, "1000", 4) = 4 [pid 6817] close(3) = 0 [pid 6817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6817] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6817] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6817] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6818], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6818 ./strace-static-x86_64: Process 6818 attached [pid 6818] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6818] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6817] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] <... futex resumed>) = 0 [pid 6818] memfd_create("syzkaller", 0 [pid 6817] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6818] <... memfd_create resumed>) = 3 [pid 6818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6818] munmap(0x7f5464ee2000, 524288) = 0 [pid 6818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6818] close(3) = 0 [pid 6818] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6818] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6818] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6818] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6818] ioctl(4, LOOP_CLR_FD) = 0 [pid 6818] close(4) = 0 [pid 6818] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6817] <... futex resumed>) = 0 [pid 6818] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6817] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6817] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6817] <... futex resumed>) = 0 [pid 6817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6818] <... mknodat resumed>) = 0 [pid 6817] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6818] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6818] <... futex resumed>) = 0 [pid 6818] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6817] <... clone resumed>, parent_tid=[6819], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6819 [pid 6817] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6819 attached [pid 6819] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6819] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6819] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6819] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6819] chdir(".") = 0 [pid 6819] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6817] <... futex resumed>) = 0 [pid 6817] exit_group(0 [pid 6818] <... futex resumed>) = ? [pid 6817] <... exit_group resumed>) = ? [pid 6818] +++ exited with 0 +++ [pid 6819] +++ exited with 0 +++ [pid 6817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6817, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./603", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./603/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./603/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./603/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 139.938152][ T6818] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./603/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./603/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./603/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./603") = 0 mkdir("./604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6820 attached , child_tidptr=0x5555561b25d0) = 6820 [pid 6820] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6820] chdir("./604") = 0 [pid 6820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6820] setpgid(0, 0) = 0 [pid 6820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6820] write(3, "1000", 4) = 4 [pid 6820] close(3) = 0 [pid 6820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6820] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6820] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6820] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6821 attached , parent_tid=[6821], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6821 [pid 6821] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6821] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6820] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6820] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6821] memfd_create("syzkaller", 0) = 3 [pid 6821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6821] munmap(0x7f5464ee2000, 524288) = 0 [pid 6821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6821] close(3) = 0 [pid 6821] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6821] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6821] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6821] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6821] ioctl(4, LOOP_CLR_FD) = 0 [pid 6821] close(4) = 0 [pid 6821] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] <... futex resumed>) = 0 [pid 6820] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6820] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6820] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6822], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6822 [pid 6820] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6821] <... futex resumed>) = 1 [pid 6821] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6822 attached [pid 6822] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6822] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6821] <... mknodat resumed>) = 0 [pid 6821] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6822] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6822] chdir(".") = 0 [pid 6822] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] <... futex resumed>) = 0 [pid 6820] exit_group(0) = ? [pid 6821] <... futex resumed>) = ? [pid 6821] +++ exited with 0 +++ [pid 6822] <... futex resumed>) = ? [pid 6822] +++ exited with 0 +++ [pid 6820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6820, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./604", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./604/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 140.035008][ T6821] loop0: detected capacity change from 0 to 1024 umount2("./604/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./604/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./604/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./604/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./604/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./604") = 0 mkdir("./605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6823 attached , child_tidptr=0x5555561b25d0) = 6823 [pid 6823] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6823] chdir("./605") = 0 [pid 6823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6823] setpgid(0, 0) = 0 [pid 6823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6823] write(3, "1000", 4) = 4 [pid 6823] close(3) = 0 [pid 6823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6823] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6823] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6823] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6824], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6824 [pid 6823] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6824 attached [pid 6824] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6824] memfd_create("syzkaller", 0) = 3 [pid 6824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6824] munmap(0x7f5464ee2000, 524288) = 0 [pid 6824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6824] close(3) = 0 [pid 6824] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6824] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6824] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6824] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6824] ioctl(4, LOOP_CLR_FD) = 0 [pid 6824] close(4) = 0 [pid 6824] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [pid 6823] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6823] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6824] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6823] <... mprotect resumed>) = 0 [pid 6823] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6825 attached [pid 6825] set_robust_list(0x7f5464f619e0, 24 [pid 6823] <... clone resumed>, parent_tid=[6825], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6825 [pid 6825] <... set_robust_list resumed>) = 0 [pid 6823] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] mkdir(".", 0777 [pid 6823] <... futex resumed>) = 0 [pid 6825] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6823] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6824] <... mknodat resumed>) = 0 [pid 6824] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] <... mount resumed>) = 0 [pid 6825] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6825] chdir(".") = 0 [pid 6825] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [pid 6825] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6823] exit_group(0) = ? [pid 6824] <... futex resumed>) = ? [ 140.150476][ T6824] loop0: detected capacity change from 0 to 1024 [pid 6825] <... futex resumed>) = ? [pid 6825] +++ exited with 0 +++ [pid 6824] +++ exited with 0 +++ [pid 6823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6823, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./605", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./605/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./605/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./605/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./605/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./605/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./605/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./605") = 0 mkdir("./606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6826 ./strace-static-x86_64: Process 6826 attached [pid 6826] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6826] chdir("./606") = 0 [pid 6826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6826] setpgid(0, 0) = 0 [pid 6826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6826] write(3, "1000", 4) = 4 [pid 6826] close(3) = 0 [pid 6826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6826] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6826] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6826] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6827 attached , parent_tid=[6827], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6827 [pid 6826] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6827] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6827] memfd_create("syzkaller", 0) = 3 [pid 6827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6827] munmap(0x7f5464ee2000, 524288) = 0 [pid 6827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6827] close(3) = 0 [pid 6827] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6827] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6827] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6827] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6827] ioctl(4, LOOP_CLR_FD) = 0 [pid 6827] close(4) = 0 [pid 6827] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6827] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6826] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6826] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6826] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6828], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6828 [pid 6826] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6827] <... mknodat resumed>) = 0 [pid 6827] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6828 attached [pid 6828] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6828] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6828] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6828] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6828] chdir(".") = 0 [pid 6828] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6826] exit_group(0 [pid 6827] <... futex resumed>) = ? [pid 6826] <... exit_group resumed>) = ? [pid 6827] +++ exited with 0 +++ [pid 6828] +++ exited with 0 +++ [pid 6826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6826, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./606", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 140.260500][ T6827] loop0: detected capacity change from 0 to 1024 umount2("./606/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./606/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./606/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./606/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./606/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./606/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./606") = 0 mkdir("./607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6829 ./strace-static-x86_64: Process 6829 attached [pid 6829] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6829] chdir("./607") = 0 [pid 6829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6829] setpgid(0, 0) = 0 [pid 6829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6829] write(3, "1000", 4) = 4 [pid 6829] close(3) = 0 [pid 6829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6829] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6829] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6829] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6830], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6830 [pid 6829] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6830 attached [pid 6830] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6830] memfd_create("syzkaller", 0) = 3 [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6830] munmap(0x7f5464ee2000, 524288) = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6830] close(3) = 0 [pid 6830] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6830] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6830] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6830] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6830] ioctl(4, LOOP_CLR_FD) = 0 [pid 6830] close(4) = 0 [pid 6830] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] <... futex resumed>) = 0 [pid 6829] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6829] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6829] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6831], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6831 [pid 6829] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6830] <... futex resumed>) = 1 [pid 6830] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6830] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6831 attached [pid 6831] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6831] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6831] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6831] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6831] chdir(".") = 0 [pid 6831] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6829] exit_group(0 [pid 6830] <... futex resumed>) = ? [pid 6829] <... exit_group resumed>) = ? [pid 6830] +++ exited with 0 +++ [pid 6831] +++ exited with 0 +++ [pid 6829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6829, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./607", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./607/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 140.359694][ T6830] loop0: detected capacity change from 0 to 1024 umount2("./607/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./607/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./607/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./607/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./607/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./607") = 0 mkdir("./608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6832 ./strace-static-x86_64: Process 6832 attached [pid 6832] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6832] chdir("./608") = 0 [pid 6832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6832] setpgid(0, 0) = 0 [pid 6832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6832] write(3, "1000", 4) = 4 [pid 6832] close(3) = 0 [pid 6832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6832] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6832] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6832] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6833 attached , parent_tid=[6833], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6833 [pid 6832] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6833] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6833] memfd_create("syzkaller", 0) = 3 [pid 6833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6833] munmap(0x7f5464ee2000, 524288) = 0 [pid 6833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6833] close(3) = 0 [pid 6833] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6833] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6833] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6833] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6833] ioctl(4, LOOP_CLR_FD) = 0 [pid 6833] close(4) = 0 [pid 6833] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6833] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] <... futex resumed>) = 0 [pid 6832] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... futex resumed>) = 0 [pid 6832] <... futex resumed>) = 1 [pid 6833] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6832] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] <... mknodat resumed>) = 0 [pid 6833] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6832] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6832] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6834 attached , parent_tid=[6834], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6834 [pid 6834] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6834] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6832] <... futex resumed>) = 1 [pid 6834] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6832] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6834] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6834] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6834] chdir(".") = 0 [pid 6834] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] <... futex resumed>) = 0 [pid 6832] exit_group(0 [pid 6833] <... futex resumed>) = ? [pid 6832] <... exit_group resumed>) = ? [pid 6833] +++ exited with 0 +++ [pid 6834] +++ exited with 0 +++ [pid 6832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6832, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./608", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 140.464285][ T6833] loop0: detected capacity change from 0 to 1024 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./608/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./608/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./608/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./608/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./608/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./608/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./608") = 0 mkdir("./609", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6835 ./strace-static-x86_64: Process 6835 attached [pid 6835] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6835] chdir("./609") = 0 [pid 6835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6835] setpgid(0, 0) = 0 [pid 6835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6835] write(3, "1000", 4) = 4 [pid 6835] close(3) = 0 [pid 6835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6835] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6835] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6835] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6836 attached [pid 6836] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6835] <... clone resumed>, parent_tid=[6836], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6836 [pid 6836] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6835] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6835] <... futex resumed>) = 0 [pid 6835] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6836] memfd_create("syzkaller", 0) = 3 [pid 6836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6836] munmap(0x7f5464ee2000, 524288) = 0 [pid 6836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6836] close(3) = 0 [pid 6836] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6836] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6836] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6836] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6836] ioctl(4, LOOP_CLR_FD) = 0 [pid 6836] close(4) = 0 [pid 6836] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6835] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6835] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6835] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6835] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6837], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6837 [pid 6835] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6835] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6836] <... futex resumed>) = 1 [pid 6836] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6836] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6837 attached [pid 6837] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6837] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6837] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6837] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6837] chdir(".") = 0 [pid 6837] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6837] <... futex resumed>) = 1 [pid 6835] exit_group(0) = ? [pid 6836] <... futex resumed>) = ? [pid 6836] +++ exited with 0 +++ [pid 6837] +++ exited with 0 +++ [pid 6835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6835, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./609", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./609/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./609/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./609/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 140.595296][ T6836] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./609/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./609/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./609/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./609") = 0 mkdir("./610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6838 ./strace-static-x86_64: Process 6838 attached [pid 6838] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6838] chdir("./610") = 0 [pid 6838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6838] setpgid(0, 0) = 0 [pid 6838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6838] write(3, "1000", 4) = 4 [pid 6838] close(3) = 0 [pid 6838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6838] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6838] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6838] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6839 attached , parent_tid=[6839], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6839 [pid 6838] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6839] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6839] memfd_create("syzkaller", 0) = 3 [pid 6839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6839] munmap(0x7f5464ee2000, 524288) = 0 [pid 6839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6839] close(3) = 0 [pid 6839] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6839] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6839] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6839] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6839] ioctl(4, LOOP_CLR_FD) = 0 [pid 6839] close(4) = 0 [pid 6839] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6838] <... futex resumed>) = 0 [pid 6838] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6839] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6838] <... mmap resumed>) = 0x7f5464f41000 [pid 6838] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6838] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6840], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6840 [pid 6838] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6840 attached [pid 6839] <... mknodat resumed>) = 0 [pid 6840] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6840] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6840] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6839] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... mount resumed>) = 0 [pid 6840] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6840] chdir(".") = 0 [pid 6840] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = 0 [pid 6838] exit_group(0) = ? [pid 6840] <... futex resumed>) = ? [pid 6839] <... futex resumed>) = ? [pid 6840] +++ exited with 0 +++ [pid 6839] +++ exited with 0 +++ [pid 6838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6838, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./610", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./610/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./610/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 140.701182][ T6839] loop0: detected capacity change from 0 to 1024 lstat("./610/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./610/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./610/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./610/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./610/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./610") = 0 mkdir("./611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6841 ./strace-static-x86_64: Process 6841 attached [pid 6841] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6841] chdir("./611") = 0 [pid 6841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6841] setpgid(0, 0) = 0 [pid 6841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6841] write(3, "1000", 4) = 4 [pid 6841] close(3) = 0 [pid 6841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6841] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6841] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6841] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6842 attached [pid 6842] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6841] <... clone resumed>, parent_tid=[6842], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6842 [pid 6842] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6841] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6841] <... futex resumed>) = 0 [pid 6841] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6842] memfd_create("syzkaller", 0) = 3 [pid 6842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6842] munmap(0x7f5464ee2000, 524288) = 0 [pid 6842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6842] close(3) = 0 [pid 6842] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6842] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6842] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6842] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6842] ioctl(4, LOOP_CLR_FD) = 0 [pid 6842] close(4) = 0 [pid 6842] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6841] <... futex resumed>) = 0 [pid 6841] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] <... futex resumed>) = 0 [pid 6841] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6841] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6841] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6843], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6843 [pid 6841] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6842] <... mknodat resumed>) = 0 [pid 6842] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6843 attached [pid 6843] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6843] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6843] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6843] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6843] chdir(".") = 0 [pid 6843] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6841] <... futex resumed>) = 0 [pid 6841] exit_group(0 [pid 6842] <... futex resumed>) = ? [pid 6841] <... exit_group resumed>) = ? [pid 6842] +++ exited with 0 +++ [pid 6843] +++ exited with 0 +++ [pid 6841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6841, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./611", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 140.805282][ T6842] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./611/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./611/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./611/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./611/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./611/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./611/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./611") = 0 mkdir("./612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6844 ./strace-static-x86_64: Process 6844 attached [pid 6844] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6844] chdir("./612") = 0 [pid 6844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6844] setpgid(0, 0) = 0 [pid 6844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6844] write(3, "1000", 4) = 4 [pid 6844] close(3) = 0 [pid 6844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6844] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6844] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6844] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6845], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6845 ./strace-static-x86_64: Process 6845 attached [pid 6844] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6844] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6845] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6845] memfd_create("syzkaller", 0) = 3 [pid 6845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6845] munmap(0x7f5464ee2000, 524288) = 0 [pid 6845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6845] close(3) = 0 [pid 6845] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6845] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6845] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6845] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6845] ioctl(4, LOOP_CLR_FD) = 0 [pid 6845] close(4) = 0 [pid 6845] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] <... futex resumed>) = 0 [pid 6845] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6844] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6844] <... futex resumed>) = 0 [pid 6845] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6844] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6844] <... futex resumed>) = 0 [pid 6845] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6844] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6844] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6846], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6846 ./strace-static-x86_64: Process 6846 attached [pid 6844] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6844] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6846] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6846] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6846] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6846] chdir(".") = 0 [pid 6846] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] <... futex resumed>) = 0 [pid 6846] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6844] exit_group(0 [pid 6846] <... futex resumed>) = ? [pid 6845] <... futex resumed>) = ? [pid 6844] <... exit_group resumed>) = ? [pid 6846] +++ exited with 0 +++ [pid 6845] +++ exited with 0 +++ [pid 6844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6844, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./612", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 140.928999][ T6845] loop0: detected capacity change from 0 to 1024 umount2("./612/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./612/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./612/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./612/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./612/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./612/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./612") = 0 mkdir("./613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6847 ./strace-static-x86_64: Process 6847 attached [pid 6847] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6847] chdir("./613") = 0 [pid 6847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6847] setpgid(0, 0) = 0 [pid 6847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6847] write(3, "1000", 4) = 4 [pid 6847] close(3) = 0 [pid 6847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6847] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6847] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6847] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6848 attached , parent_tid=[6848], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6848 [pid 6847] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6847] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6848] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6848] memfd_create("syzkaller", 0) = 3 [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6848] munmap(0x7f5464ee2000, 524288) = 0 [pid 6848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6848] close(3) = 0 [pid 6848] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6848] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6848] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6848] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6848] ioctl(4, LOOP_CLR_FD) = 0 [pid 6848] close(4) = 0 [pid 6848] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] <... futex resumed>) = 0 [pid 6847] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] <... futex resumed>) = 0 [pid 6847] <... futex resumed>) = 1 [pid 6848] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6847] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6847] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6848] <... mknodat resumed>) = 0 [pid 6847] <... mprotect resumed>) = 0 [pid 6848] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6849], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6849 [pid 6847] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6849 attached [pid 6847] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6849] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6849] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6849] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6849] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6849] chdir(".") = 0 [pid 6849] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6847] <... futex resumed>) = 0 [pid 6849] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] exit_group(0 [pid 6848] <... futex resumed>) = ? [pid 6847] <... exit_group resumed>) = ? [pid 6848] +++ exited with 0 +++ [pid 6849] <... futex resumed>) = ? [pid 6849] +++ exited with 0 +++ [pid 6847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6847, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./613", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./613/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./613/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./613/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./613/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./613/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./613/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 141.041752][ T6848] loop0: detected capacity change from 0 to 1024 rmdir("./613") = 0 mkdir("./614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6850 ./strace-static-x86_64: Process 6850 attached [pid 6850] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6850] chdir("./614") = 0 [pid 6850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6850] setpgid(0, 0) = 0 [pid 6850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6850] write(3, "1000", 4) = 4 [pid 6850] close(3) = 0 [pid 6850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6850] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6850] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6850] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6851], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6851 [pid 6850] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6851 attached [pid 6851] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6851] memfd_create("syzkaller", 0) = 3 [pid 6851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6851] munmap(0x7f5464ee2000, 524288) = 0 [pid 6851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6851] close(3) = 0 [pid 6851] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6851] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6851] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6851] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6851] ioctl(4, LOOP_CLR_FD) = 0 [pid 6851] close(4) = 0 [pid 6851] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... futex resumed>) = 0 [pid 6850] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6850] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6850] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6852], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6852 [pid 6850] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6851] <... futex resumed>) = 1 [pid 6851] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6851] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6852 attached [pid 6852] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6852] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6852] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6852] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6852] chdir(".") = 0 [pid 6852] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6850] <... futex resumed>) = 0 [pid 6850] exit_group(0) = ? [pid 6851] <... futex resumed>) = ? [pid 6851] +++ exited with 0 +++ [pid 6852] +++ exited with 0 +++ [pid 6850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6850, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./614", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./614/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./614/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./614/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./614/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./614/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./614/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 141.130302][ T6851] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./614") = 0 mkdir("./615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6853 ./strace-static-x86_64: Process 6853 attached [pid 6853] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6853] chdir("./615") = 0 [pid 6853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6853] setpgid(0, 0) = 0 [pid 6853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6853] write(3, "1000", 4) = 4 [pid 6853] close(3) = 0 [pid 6853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6853] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6853] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6853] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6854 attached , parent_tid=[6854], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6854 [pid 6854] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6854] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6853] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6854] <... futex resumed>) = 0 [pid 6854] memfd_create("syzkaller", 0) = 3 [pid 6854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6854] munmap(0x7f5464ee2000, 524288) = 0 [pid 6854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6854] close(3) = 0 [pid 6854] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6854] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6854] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6854] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6854] ioctl(4, LOOP_CLR_FD) = 0 [pid 6854] close(4) = 0 [pid 6854] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6853] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6853] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6855], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6855 [pid 6853] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6854] <... mknodat resumed>) = 0 [pid 6854] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6855 attached [pid 6855] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6855] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6855] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6855] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6855] chdir(".") = 0 [pid 6855] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... futex resumed>) = 0 [pid 6853] exit_group(0) = ? [pid 6854] <... futex resumed>) = ? [pid 6854] +++ exited with 0 +++ [pid 6855] <... futex resumed>) = ? [pid 6855] +++ exited with 0 +++ [pid 6853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6853, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./615", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./615/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./615/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./615/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 141.223902][ T6854] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./615/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./615/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./615/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./615/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./615") = 0 mkdir("./616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6856 ./strace-static-x86_64: Process 6856 attached [pid 6856] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6856] chdir("./616") = 0 [pid 6856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6856] setpgid(0, 0) = 0 [pid 6856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6856] write(3, "1000", 4) = 4 [pid 6856] close(3) = 0 [pid 6856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6856] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6856] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6856] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6857 attached [pid 6857] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6856] <... clone resumed>, parent_tid=[6857], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6857 [pid 6857] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6856] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6857] memfd_create("syzkaller", 0) = 3 [pid 6857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6857] munmap(0x7f5464ee2000, 524288) = 0 [pid 6857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6857] close(3) = 0 [pid 6857] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6857] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6857] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6857] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6857] ioctl(4, LOOP_CLR_FD) = 0 [pid 6857] close(4) = 0 [pid 6857] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6856] <... futex resumed>) = 0 [pid 6857] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6856] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6856] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6856] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6857] <... mknodat resumed>) = 0 [pid 6856] <... clone resumed>, parent_tid=[6858], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6858 [pid 6856] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6857] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6857] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6858 attached [pid 6858] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6858] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6858] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6858] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6858] chdir(".") = 0 [pid 6858] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... futex resumed>) = 0 [pid 6856] exit_group(0) = ? [pid 6857] <... futex resumed>) = ? [pid 6858] <... futex resumed>) = ? [pid 6857] +++ exited with 0 +++ [pid 6858] +++ exited with 0 +++ [pid 6856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6856, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./616", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./616/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 141.338143][ T6857] loop0: detected capacity change from 0 to 1024 umount2("./616/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./616/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./616/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./616/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./616/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./616") = 0 mkdir("./617", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6859 ./strace-static-x86_64: Process 6859 attached [pid 6859] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6859] chdir("./617") = 0 [pid 6859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6859] setpgid(0, 0) = 0 [pid 6859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6859] write(3, "1000", 4) = 4 [pid 6859] close(3) = 0 [pid 6859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6859] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6859] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6859] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6860], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6860 [pid 6859] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6860 attached [pid 6860] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6860] memfd_create("syzkaller", 0) = 3 [pid 6860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6860] munmap(0x7f5464ee2000, 524288) = 0 [pid 6860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6860] close(3) = 0 [pid 6860] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6860] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6860] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6860] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6860] ioctl(4, LOOP_CLR_FD) = 0 [pid 6860] close(4) = 0 [pid 6860] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6860] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6859] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6859] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6859] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6861], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6861 [pid 6859] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6860] <... mknodat resumed>) = 0 [pid 6860] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6861 attached [pid 6861] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6861] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6861] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6861] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6861] chdir(".") = 0 [pid 6861] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6861] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] exit_group(0 [pid 6860] <... futex resumed>) = ? [pid 6859] <... exit_group resumed>) = ? [pid 6860] +++ exited with 0 +++ [pid 6861] <... futex resumed>) = ? [pid 6861] +++ exited with 0 +++ [pid 6859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6859, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./617", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./617/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./617/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./617/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 141.438855][ T6860] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./617/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./617/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./617/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./617") = 0 mkdir("./618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6862 ./strace-static-x86_64: Process 6862 attached [pid 6862] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6862] chdir("./618") = 0 [pid 6862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6862] setpgid(0, 0) = 0 [pid 6862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6862] write(3, "1000", 4) = 4 [pid 6862] close(3) = 0 [pid 6862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6862] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6862] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6862] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6863 attached , parent_tid=[6863], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6863 [pid 6862] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6863] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6863] memfd_create("syzkaller", 0) = 3 [pid 6863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6863] munmap(0x7f5464ee2000, 524288) = 0 [pid 6863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6863] close(3) = 0 [pid 6863] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6863] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6863] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6863] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6863] ioctl(4, LOOP_CLR_FD) = 0 [pid 6863] close(4) = 0 [pid 6863] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6862] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6863] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6862] <... mprotect resumed>) = 0 [pid 6862] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6864], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6864 [pid 6862] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6864 attached [pid 6864] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6864] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6863] <... mknodat resumed>) = 0 [pid 6863] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6864] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6864] chdir(".") = 0 [pid 6864] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6862] exit_group(0 [pid 6863] <... futex resumed>) = ? [pid 6862] <... exit_group resumed>) = ? [pid 6864] +++ exited with 0 +++ [pid 6863] +++ exited with 0 +++ [pid 6862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6862, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./618", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./618/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 141.546507][ T6863] loop0: detected capacity change from 0 to 1024 umount2("./618/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./618/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./618/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./618/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./618/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./618") = 0 mkdir("./619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6865 ./strace-static-x86_64: Process 6865 attached [pid 6865] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6865] chdir("./619") = 0 [pid 6865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6865] setpgid(0, 0) = 0 [pid 6865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6865] write(3, "1000", 4) = 4 [pid 6865] close(3) = 0 [pid 6865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6865] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6865] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6865] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6866], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6866 ./strace-static-x86_64: Process 6866 attached [pid 6865] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6865] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6866] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6866] memfd_create("syzkaller", 0) = 3 [pid 6866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6866] munmap(0x7f5464ee2000, 524288) = 0 [pid 6866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6866] close(3) = 0 [pid 6866] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6866] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6866] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6866] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6866] ioctl(4, LOOP_CLR_FD) = 0 [pid 6866] close(4) = 0 [pid 6866] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = 0 [pid 6865] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6865] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6865] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6865] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6867 attached , parent_tid=[6867], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6867 [pid 6865] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6865] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6866] <... futex resumed>) = 1 [pid 6866] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6867] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6867] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6867] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6866] <... mknodat resumed>) = 0 [pid 6866] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] <... mount resumed>) = 0 [pid 6867] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6867] chdir(".") = 0 [pid 6867] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6865] <... futex resumed>) = 0 [pid 6865] exit_group(0) = ? [pid 6867] +++ exited with 0 +++ [pid 6866] <... futex resumed>) = ? [pid 6866] +++ exited with 0 +++ [pid 6865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6865, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./619", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./619/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 141.662486][ T6866] loop0: detected capacity change from 0 to 1024 umount2("./619/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./619/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./619/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./619/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./619/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./619") = 0 mkdir("./620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6868 ./strace-static-x86_64: Process 6868 attached [pid 6868] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6868] chdir("./620") = 0 [pid 6868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6868] setpgid(0, 0) = 0 [pid 6868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6868] write(3, "1000", 4) = 4 [pid 6868] close(3) = 0 [pid 6868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6868] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6868] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6868] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6869 attached , parent_tid=[6869], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6869 [pid 6868] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6869] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6869] memfd_create("syzkaller", 0) = 3 [pid 6869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6869] munmap(0x7f5464ee2000, 524288) = 0 [pid 6869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6869] close(3) = 0 [pid 6869] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6869] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6869] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6869] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6869] ioctl(4, LOOP_CLR_FD) = 0 [pid 6869] close(4) = 0 [pid 6869] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6868] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6868] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6870], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6870 [pid 6868] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6869] <... futex resumed>) = 1 [pid 6869] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6870 attached [pid 6870] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6870] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6870] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6869] <... mknodat resumed>) = 0 [pid 6869] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] <... mount resumed>) = 0 [pid 6870] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6870] chdir(".") = 0 [pid 6870] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6868] exit_group(0) = ? [pid 6869] <... futex resumed>) = ? [pid 6869] +++ exited with 0 +++ [pid 6870] +++ exited with 0 +++ [pid 6868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6868, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./620", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./620/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./620/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./620/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./620/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./620/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./620/binderfs") = 0 [ 141.776156][ T6869] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./620") = 0 mkdir("./621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6871 ./strace-static-x86_64: Process 6871 attached [pid 6871] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6871] chdir("./621") = 0 [pid 6871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6871] setpgid(0, 0) = 0 [pid 6871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6871] write(3, "1000", 4) = 4 [pid 6871] close(3) = 0 [pid 6871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6871] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6871] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6871] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6872], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6872 [pid 6871] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6871] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6872 attached [pid 6872] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6872] memfd_create("syzkaller", 0) = 3 [pid 6872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6872] munmap(0x7f5464ee2000, 524288) = 0 [pid 6872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6872] close(3) = 0 [pid 6872] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6872] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6872] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6872] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6872] ioctl(4, LOOP_CLR_FD) = 0 [pid 6872] close(4) = 0 [pid 6872] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6871] <... futex resumed>) = 0 [pid 6871] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6871] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6871] <... futex resumed>) = 0 [pid 6871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6871] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6871] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6873], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6873 [pid 6872] <... mknodat resumed>) = 0 [pid 6871] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6871] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6872] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6873 attached [pid 6873] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6873] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6873] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6873] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6873] chdir(".") = 0 [pid 6873] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] <... futex resumed>) = 0 [pid 6873] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6871] exit_group(0 [pid 6872] <... futex resumed>) = ? [pid 6871] <... exit_group resumed>) = ? [pid 6872] +++ exited with 0 +++ [pid 6873] <... futex resumed>) = ? [pid 6873] +++ exited with 0 +++ [pid 6871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6871, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./621", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./621/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./621/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./621/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./621/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./621/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./621/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 141.875421][ T6872] loop0: detected capacity change from 0 to 1024 rmdir("./621") = 0 mkdir("./622", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6874 ./strace-static-x86_64: Process 6874 attached [pid 6874] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6874] chdir("./622") = 0 [pid 6874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6874] setpgid(0, 0) = 0 [pid 6874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6874] write(3, "1000", 4) = 4 [pid 6874] close(3) = 0 [pid 6874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6874] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6874] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6874] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6875], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6875 [pid 6874] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6875 attached [pid 6875] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6875] memfd_create("syzkaller", 0) = 3 [pid 6875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6875] munmap(0x7f5464ee2000, 524288) = 0 [pid 6875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6875] close(3) = 0 [pid 6875] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6875] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6875] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6875] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6875] ioctl(4, LOOP_CLR_FD) = 0 [pid 6875] close(4) = 0 [pid 6875] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6875] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6874] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6874] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6874] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6876], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6876 [pid 6874] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] <... mknodat resumed>) = 0 [pid 6874] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6875] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6876 attached [pid 6876] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6876] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6876] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6876] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6876] chdir(".") = 0 [pid 6876] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] exit_group(0 [pid 6875] <... futex resumed>) = ? [pid 6874] <... exit_group resumed>) = ? [pid 6875] +++ exited with 0 +++ [pid 6876] +++ exited with 0 +++ [pid 6874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6874, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./622", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 141.971212][ T6875] loop0: detected capacity change from 0 to 1024 umount2("./622/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./622/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./622/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./622/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./622/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./622/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./622") = 0 mkdir("./623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6877 ./strace-static-x86_64: Process 6877 attached [pid 6877] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6877] chdir("./623") = 0 [pid 6877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6877] setpgid(0, 0) = 0 [pid 6877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6877] write(3, "1000", 4) = 4 [pid 6877] close(3) = 0 [pid 6877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6877] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6877] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6877] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6878], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6878 [pid 6877] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6877] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6878 attached [pid 6878] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6878] memfd_create("syzkaller", 0) = 3 [pid 6878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6878] munmap(0x7f5464ee2000, 524288) = 0 [pid 6878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6878] close(3) = 0 [pid 6878] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6878] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6878] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6878] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6878] ioctl(4, LOOP_CLR_FD) = 0 [pid 6878] close(4) = 0 [pid 6878] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6877] <... futex resumed>) = 0 [pid 6878] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6877] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... mknodat resumed>) = 0 [pid 6877] <... futex resumed>) = 0 [pid 6878] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... futex resumed>) = 0 [pid 6877] <... futex resumed>) = 0 [pid 6878] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6877] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6877] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6879 attached , parent_tid=[6879], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6879 [pid 6877] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6877] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6879] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6879] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6879] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6879] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6879] chdir(".") = 0 [pid 6879] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6877] <... futex resumed>) = 0 [pid 6879] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6877] exit_group(0 [pid 6879] <... futex resumed>) = ? [pid 6878] <... futex resumed>) = ? [pid 6877] <... exit_group resumed>) = ? [pid 6879] +++ exited with 0 +++ [pid 6878] +++ exited with 0 +++ [pid 6877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6877, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./623", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 142.088937][ T6878] loop0: detected capacity change from 0 to 1024 umount2("./623/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./623/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./623/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./623/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./623/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./623/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./623") = 0 mkdir("./624", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6880 attached , child_tidptr=0x5555561b25d0) = 6880 [pid 6880] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6880] chdir("./624") = 0 [pid 6880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6880] setpgid(0, 0) = 0 [pid 6880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6880] write(3, "1000", 4) = 4 [pid 6880] close(3) = 0 [pid 6880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6880] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6880] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6880] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6881 attached , parent_tid=[6881], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6881 [pid 6881] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6881] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6880] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6880] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6881] memfd_create("syzkaller", 0) = 3 [pid 6881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6881] munmap(0x7f5464ee2000, 524288) = 0 [pid 6881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6881] close(3) = 0 [pid 6881] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6881] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6881] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6881] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6881] ioctl(4, LOOP_CLR_FD) = 0 [pid 6881] close(4) = 0 [pid 6881] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6880] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6880] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6881] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6880] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6882], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6882 [pid 6880] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6882 attached [pid 6881] <... mknodat resumed>) = 0 [pid 6881] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] set_robust_list(0x7f5464f619e0, 24 [pid 6881] <... futex resumed>) = 0 [pid 6882] <... set_robust_list resumed>) = 0 [pid 6881] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6882] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6882] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6882] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6882] chdir(".") = 0 [pid 6882] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6880] exit_group(0) = ? [pid 6881] <... futex resumed>) = ? [pid 6881] +++ exited with 0 +++ [pid 6882] +++ exited with 0 +++ [pid 6880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6880, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./624", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./624/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./624/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 142.214910][ T6881] loop0: detected capacity change from 0 to 1024 umount2("./624/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./624/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./624/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./624/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./624") = 0 mkdir("./625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6883 attached [pid 6883] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6883] chdir("./625") = 0 [pid 6883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6883] setpgid(0, 0) = 0 [pid 6883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6883] write(3, "1000", 4) = 4 [pid 6883] close(3) = 0 [pid 6883] symlink("/dev/binderfs", "./binderfs" [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6883 [pid 6883] <... symlink resumed>) = 0 [pid 6883] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6883] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6883] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6884], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6884 [pid 6883] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6884 attached [pid 6884] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6884] memfd_create("syzkaller", 0) = 3 [pid 6884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6884] munmap(0x7f5464ee2000, 524288) = 0 [pid 6884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6884] close(3) = 0 [pid 6884] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6884] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6884] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6884] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6884] ioctl(4, LOOP_CLR_FD) = 0 [pid 6884] close(4) = 0 [pid 6884] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6883] <... futex resumed>) = 0 [pid 6883] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6884] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6883] <... mmap resumed>) = 0x7f5464f41000 [pid 6883] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6883] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6885], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6885 [pid 6883] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6885 attached [pid 6885] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6885] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6885] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6884] <... mknodat resumed>) = 0 [pid 6884] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... mount resumed>) = 0 [pid 6885] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6885] chdir(".") = 0 [pid 6885] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] <... futex resumed>) = 0 [pid 6883] exit_group(0) = ? [pid 6885] <... futex resumed>) = ? [pid 6884] <... futex resumed>) = ? [pid 6885] +++ exited with 0 +++ [pid 6884] +++ exited with 0 +++ [pid 6883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6883, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./625", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 142.323331][ T6884] loop0: detected capacity change from 0 to 1024 umount2("./625/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./625/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./625/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./625/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./625/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./625/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./625") = 0 mkdir("./626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6886 ./strace-static-x86_64: Process 6886 attached [pid 6886] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6886] chdir("./626") = 0 [pid 6886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6886] setpgid(0, 0) = 0 [pid 6886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6886] write(3, "1000", 4) = 4 [pid 6886] close(3) = 0 [pid 6886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6886] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6886] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6886] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6887], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6887 ./strace-static-x86_64: Process 6887 attached [pid 6887] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6887] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6886] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6887] <... futex resumed>) = 0 [pid 6886] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6887] memfd_create("syzkaller", 0) = 3 [pid 6887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6887] munmap(0x7f5464ee2000, 524288) = 0 [pid 6887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6887] close(3) = 0 [pid 6887] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6887] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6887] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6887] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6887] ioctl(4, LOOP_CLR_FD) = 0 [pid 6887] close(4) = 0 [pid 6887] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = 0 [pid 6886] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6886] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6886] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6888], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6888 [pid 6886] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6887] <... futex resumed>) = 1 [pid 6887] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6888 attached [pid 6888] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6888] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6888] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6887] <... mknodat resumed>) = 0 [pid 6888] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6887] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... openat resumed>) = 4 [pid 6887] <... futex resumed>) = 0 [pid 6888] chdir(".") = 0 [pid 6887] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6888] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6886] <... futex resumed>) = 0 [pid 6886] exit_group(0 [pid 6888] <... futex resumed>) = ? [pid 6886] <... exit_group resumed>) = ? [pid 6888] +++ exited with 0 +++ [pid 6887] <... futex resumed>) = ? [pid 6887] +++ exited with 0 +++ [pid 6886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6886, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./626", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./626/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./626/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./626/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./626/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./626/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./626/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./626") = 0 mkdir("./627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6889 [ 142.454706][ T6887] loop0: detected capacity change from 0 to 1024 ./strace-static-x86_64: Process 6889 attached [pid 6889] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6889] chdir("./627") = 0 [pid 6889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6889] setpgid(0, 0) = 0 [pid 6889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6889] write(3, "1000", 4) = 4 [pid 6889] close(3) = 0 [pid 6889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6889] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6889] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6889] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6890 attached [pid 6890] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6889] <... clone resumed>, parent_tid=[6890], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6890 [pid 6889] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6890] memfd_create("syzkaller", 0) = 3 [pid 6890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6890] munmap(0x7f5464ee2000, 524288) = 0 [pid 6890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6890] close(3) = 0 [pid 6890] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6890] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6890] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6890] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6890] ioctl(4, LOOP_CLR_FD) = 0 [pid 6890] close(4) = 0 [pid 6890] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] <... mmap resumed>) = 0x7f5464f41000 [pid 6889] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6890] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6889] <... mprotect resumed>) = 0 [pid 6889] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6891], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6891 [pid 6889] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6890] <... mknodat resumed>) = 0 [pid 6890] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6891 attached [pid 6891] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6891] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6891] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6891] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6891] chdir(".") = 0 [pid 6891] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6889] exit_group(0) = ? [pid 6891] +++ exited with 0 +++ [pid 6890] <... futex resumed>) = ? [pid 6890] +++ exited with 0 +++ [pid 6889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6889, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./627", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 142.560893][ T6890] loop0: detected capacity change from 0 to 1024 umount2("./627/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./627/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./627/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./627/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./627/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./627/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./627") = 0 mkdir("./628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6892 ./strace-static-x86_64: Process 6892 attached [pid 6892] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6892] chdir("./628") = 0 [pid 6892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6892] setpgid(0, 0) = 0 [pid 6892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6892] write(3, "1000", 4) = 4 [pid 6892] close(3) = 0 [pid 6892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6892] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6892] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6892] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6893 attached [pid 6893] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6893] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] <... clone resumed>, parent_tid=[6893], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6893 [pid 6892] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6893] <... futex resumed>) = 0 [pid 6892] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6893] memfd_create("syzkaller", 0) = 3 [pid 6893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6893] munmap(0x7f5464ee2000, 524288) = 0 [pid 6893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6893] close(3) = 0 [pid 6893] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6893] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6893] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6893] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6893] ioctl(4, LOOP_CLR_FD) = 0 [pid 6893] close(4) = 0 [pid 6893] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6893] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] <... futex resumed>) = 0 [pid 6892] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6892] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6893] <... futex resumed>) = 0 [pid 6892] <... mmap resumed>) = 0x7f5464f41000 [pid 6892] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6893] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6892] <... mprotect resumed>) = 0 [pid 6892] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6894], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6894 [pid 6892] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6893] <... mknodat resumed>) = 0 [pid 6893] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6893] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6894 attached [pid 6894] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6894] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6894] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6894] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6894] chdir(".") = 0 [pid 6894] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6892] <... futex resumed>) = 0 [pid 6894] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] exit_group(0 [pid 6894] <... futex resumed>) = ? [pid 6892] <... exit_group resumed>) = ? [pid 6893] <... futex resumed>) = ? [pid 6893] +++ exited with 0 +++ [pid 6894] +++ exited with 0 +++ [pid 6892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6892, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./628", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./628/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./628/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.673987][ T6893] loop0: detected capacity change from 0 to 1024 lstat("./628/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./628/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./628/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./628/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./628/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./628") = 0 mkdir("./629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6895 ./strace-static-x86_64: Process 6895 attached [pid 6895] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6895] chdir("./629") = 0 [pid 6895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6895] setpgid(0, 0) = 0 [pid 6895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6895] write(3, "1000", 4) = 4 [pid 6895] close(3) = 0 [pid 6895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6895] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6895] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6895] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6896 attached , parent_tid=[6896], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6896 [pid 6896] set_robust_list(0x7f546d3029e0, 24 [pid 6895] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] <... set_robust_list resumed>) = 0 [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6896] memfd_create("syzkaller", 0) = 3 [pid 6896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6896] munmap(0x7f5464ee2000, 524288) = 0 [pid 6896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6896] close(3) = 0 [pid 6896] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6896] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6896] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6896] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6896] ioctl(4, LOOP_CLR_FD) = 0 [pid 6896] close(4) = 0 [pid 6896] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6896] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6895] <... mmap resumed>) = 0x7f5464f41000 [pid 6895] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6895] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6897], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6897 [pid 6895] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6897 attached [pid 6897] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6897] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6896] <... mknodat resumed>) = 0 [pid 6897] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6896] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] <... mount resumed>) = 0 [pid 6897] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6897] chdir(".") = 0 [pid 6897] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... futex resumed>) = 0 [pid 6897] <... futex resumed>) = 1 [pid 6895] exit_group(0 [pid 6897] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6896] <... futex resumed>) = ? [pid 6895] <... exit_group resumed>) = ? [pid 6897] <... futex resumed>) = ? [pid 6896] +++ exited with 0 +++ [pid 6897] +++ exited with 0 +++ [pid 6895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6895, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./629", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./629/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./629/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.777751][ T6896] loop0: detected capacity change from 0 to 1024 lstat("./629/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./629/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./629/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./629/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./629/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./629") = 0 mkdir("./630", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6898 attached [pid 6898] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6898] chdir("./630") = 0 [pid 6898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6898] setpgid(0, 0) = 0 [pid 6898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6898] write(3, "1000", 4) = 4 [pid 6898] close(3) = 0 [pid 6898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6898] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6898] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 6898 [pid 6898] <... mprotect resumed>) = 0 [pid 6898] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6899], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6899 [pid 6898] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6899 attached [pid 6899] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6899] memfd_create("syzkaller", 0) = 3 [pid 6899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6899] munmap(0x7f5464ee2000, 524288) = 0 [pid 6899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6899] close(3) = 0 [pid 6899] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6899] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6899] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6899] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6899] ioctl(4, LOOP_CLR_FD) = 0 [pid 6899] close(4) = 0 [pid 6899] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6899] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6898] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6898] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6898] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6900], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6900 [pid 6898] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6900 attached [pid 6900] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6899] <... mknodat resumed>) = 0 [pid 6900] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6899] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6900] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6900] chdir(".") = 0 [pid 6900] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6898] exit_group(0 [pid 6899] <... futex resumed>) = ? [pid 6898] <... exit_group resumed>) = ? [pid 6899] +++ exited with 0 +++ [pid 6900] +++ exited with 0 +++ [pid 6898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6898, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./630", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./630/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./630/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./630/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./630/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 142.894693][ T6899] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./630/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./630/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./630/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./630") = 0 mkdir("./631", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6901 ./strace-static-x86_64: Process 6901 attached [pid 6901] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6901] chdir("./631") = 0 [pid 6901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6901] setpgid(0, 0) = 0 [pid 6901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6901] write(3, "1000", 4) = 4 [pid 6901] close(3) = 0 [pid 6901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6901] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6901] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6901] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6902], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6902 [pid 6901] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6901] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6902 attached [pid 6902] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6902] memfd_create("syzkaller", 0) = 3 [pid 6902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6902] munmap(0x7f5464ee2000, 524288) = 0 [pid 6902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6902] close(3) = 0 [pid 6902] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6902] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6902] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6902] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6902] ioctl(4, LOOP_CLR_FD) = 0 [pid 6902] close(4) = 0 [pid 6902] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6901] <... futex resumed>) = 0 [pid 6901] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] <... futex resumed>) = 0 [pid 6902] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6901] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6901] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6901] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6903], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6903 [pid 6901] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6901] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6902] <... mknodat resumed>) = 0 [pid 6902] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6903 attached [pid 6903] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6903] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6903] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6903] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6903] chdir(".") = 0 [pid 6903] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6901] <... futex resumed>) = 0 [pid 6901] exit_group(0) = ? [pid 6902] <... futex resumed>) = ? [pid 6903] +++ exited with 0 +++ [pid 6902] +++ exited with 0 +++ [pid 6901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6901, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./631", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./631/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 142.989351][ T6902] loop0: detected capacity change from 0 to 1024 umount2("./631/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./631/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./631/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./631/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./631/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./631/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./631") = 0 mkdir("./632", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6904 ./strace-static-x86_64: Process 6904 attached [pid 6904] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6904] chdir("./632") = 0 [pid 6904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6904] setpgid(0, 0) = 0 [pid 6904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6904] write(3, "1000", 4) = 4 [pid 6904] close(3) = 0 [pid 6904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6904] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6904] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6904] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6905], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6905 [pid 6904] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6905 attached [pid 6905] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6905] memfd_create("syzkaller", 0) = 3 [pid 6905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6905] munmap(0x7f5464ee2000, 524288) = 0 [pid 6905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6905] close(3) = 0 [pid 6905] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6905] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6905] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6905] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6905] ioctl(4, LOOP_CLR_FD) = 0 [pid 6905] close(4) = 0 [pid 6905] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] <... futex resumed>) = 0 [pid 6904] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6904] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6904] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6906], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6906 [pid 6904] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6905] <... futex resumed>) = 1 [pid 6905] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6905] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6906 attached [pid 6906] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6906] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6906] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6906] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6906] chdir(".") = 0 [pid 6906] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] <... futex resumed>) = 0 [pid 6904] exit_group(0) = ? [pid 6905] <... futex resumed>) = ? [pid 6905] +++ exited with 0 +++ [pid 6906] <... futex resumed>) = ? [pid 6906] +++ exited with 0 +++ [pid 6904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6904, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./632", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./632/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./632/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./632/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./632/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 143.105184][ T6905] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./632/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./632/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./632/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./632") = 0 mkdir("./633", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6907 attached , child_tidptr=0x5555561b25d0) = 6907 [pid 6907] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6907] chdir("./633") = 0 [pid 6907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6907] setpgid(0, 0) = 0 [pid 6907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6907] write(3, "1000", 4) = 4 [pid 6907] close(3) = 0 [pid 6907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6907] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6907] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6907] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6908 attached , parent_tid=[6908], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6908 [pid 6908] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6908] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6907] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6907] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6908] memfd_create("syzkaller", 0) = 3 [pid 6908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6908] munmap(0x7f5464ee2000, 524288) = 0 [pid 6908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6908] close(3) = 0 [pid 6908] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6908] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6908] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6908] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6908] ioctl(4, LOOP_CLR_FD) = 0 [pid 6908] close(4) = 0 [pid 6908] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] <... futex resumed>) = 0 [pid 6907] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6907] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6907] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6907] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6909], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6909 ./strace-static-x86_64: Process 6909 attached [pid 6907] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6908] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6907] <... futex resumed>) = 0 [pid 6909] set_robust_list(0x7f5464f619e0, 24 [pid 6907] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6909] <... set_robust_list resumed>) = 0 [pid 6909] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6909] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6908] <... mknodat resumed>) = 0 [pid 6908] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6909] <... mount resumed>) = 0 [pid 6909] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6909] chdir(".") = 0 [pid 6909] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] <... futex resumed>) = 0 [pid 6909] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6907] exit_group(0 [pid 6908] <... futex resumed>) = ? [pid 6907] <... exit_group resumed>) = ? [pid 6909] <... futex resumed>) = ? [pid 6909] +++ exited with 0 +++ [pid 6908] +++ exited with 0 +++ [pid 6907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6907, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./633", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 143.212911][ T6908] loop0: detected capacity change from 0 to 1024 umount2("./633/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./633/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./633/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./633/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./633/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./633/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./633/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./633") = 0 mkdir("./634", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6910 ./strace-static-x86_64: Process 6910 attached [pid 6910] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6910] chdir("./634") = 0 [pid 6910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6910] setpgid(0, 0) = 0 [pid 6910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6910] write(3, "1000", 4) = 4 [pid 6910] close(3) = 0 [pid 6910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6910] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6910] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6910] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6911], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6911 [pid 6910] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6911 attached [pid 6911] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6911] memfd_create("syzkaller", 0) = 3 [pid 6911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6911] munmap(0x7f5464ee2000, 524288) = 0 [pid 6911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6911] close(3) = 0 [pid 6911] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6911] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6911] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6911] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6911] ioctl(4, LOOP_CLR_FD) = 0 [pid 6911] close(4) = 0 [pid 6911] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6911] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6910] <... futex resumed>) = 0 [pid 6911] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6910] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... mknodat resumed>) = 0 [pid 6910] <... futex resumed>) = 0 [pid 6911] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6911] <... futex resumed>) = 0 [pid 6910] <... mmap resumed>) = 0x7f5464f41000 [pid 6911] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6910] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6912], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6912 [pid 6910] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6912 attached [pid 6912] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6912] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6912] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6912] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6912] chdir(".") = 0 [pid 6912] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] <... futex resumed>) = 0 [pid 6910] exit_group(0 [pid 6912] <... futex resumed>) = ? [pid 6911] <... futex resumed>) = ? [pid 6910] <... exit_group resumed>) = ? [pid 6912] +++ exited with 0 +++ [pid 6911] +++ exited with 0 +++ [pid 6910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6910, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 143.311085][ T6911] loop0: detected capacity change from 0 to 1024 umount2("./634", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./634/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./634/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./634/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./634/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./634/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./634/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./634/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./634") = 0 mkdir("./635", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6913 ./strace-static-x86_64: Process 6913 attached [pid 6913] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6913] chdir("./635") = 0 [pid 6913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6913] setpgid(0, 0) = 0 [pid 6913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6913] write(3, "1000", 4) = 4 [pid 6913] close(3) = 0 [pid 6913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6913] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6913] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6914 attached [pid 6914] set_robust_list(0x7f546d3029e0, 24 [pid 6913] <... clone resumed>, parent_tid=[6914], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6914 [pid 6914] <... set_robust_list resumed>) = 0 [pid 6913] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6914] memfd_create("syzkaller", 0) = 3 [pid 6914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6914] munmap(0x7f5464ee2000, 524288) = 0 [pid 6914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6914] close(3) = 0 [pid 6914] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6914] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6914] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6914] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6914] ioctl(4, LOOP_CLR_FD) = 0 [pid 6914] close(4) = 0 [pid 6914] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6914] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] <... futex resumed>) = 0 [pid 6913] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6914] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6913] <... mmap resumed>) = 0x7f5464f41000 [pid 6913] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6915], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6915 [pid 6913] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6914] <... mknodat resumed>) = 0 [pid 6914] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6915 attached [pid 6914] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6915] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6915] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6915] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6915] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6915] chdir(".") = 0 [pid 6915] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6915] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] exit_group(0 [pid 6915] <... futex resumed>) = ? [pid 6913] <... exit_group resumed>) = ? [pid 6915] +++ exited with 0 +++ [pid 6914] <... futex resumed>) = ? [pid 6914] +++ exited with 0 +++ [pid 6913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6913, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./635", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 143.427108][ T6914] loop0: detected capacity change from 0 to 1024 umount2("./635/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./635/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./635/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./635/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./635/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./635/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./635/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./635") = 0 mkdir("./636", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6916 ./strace-static-x86_64: Process 6916 attached [pid 6916] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6916] chdir("./636") = 0 [pid 6916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6916] setpgid(0, 0) = 0 [pid 6916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6916] write(3, "1000", 4) = 4 [pid 6916] close(3) = 0 [pid 6916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6916] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6916] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6916] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6917 attached [pid 6917] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6916] <... clone resumed>, parent_tid=[6917], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6917 [pid 6916] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6917] memfd_create("syzkaller", 0) = 3 [pid 6917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6917] munmap(0x7f5464ee2000, 524288) = 0 [pid 6917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6917] close(3) = 0 [pid 6917] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6917] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6917] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6917] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6917] ioctl(4, LOOP_CLR_FD) = 0 [pid 6917] close(4) = 0 [pid 6917] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6916] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6916] <... futex resumed>) = 0 [pid 6916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6916] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6916] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6918], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6918 [pid 6916] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6917] <... mknodat resumed>) = 0 [pid 6917] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6918 attached [pid 6918] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6918] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6918] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6917] <... futex resumed>) = 0 [pid 6917] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] <... mount resumed>) = 0 [pid 6918] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6918] chdir(".") = 0 [pid 6918] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] <... futex resumed>) = 0 [pid 6918] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] exit_group(0 [pid 6917] <... futex resumed>) = ? [pid 6916] <... exit_group resumed>) = ? [pid 6918] <... futex resumed>) = ? [pid 6917] +++ exited with 0 +++ [pid 6918] +++ exited with 0 +++ [pid 6916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6916, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./636", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 143.545844][ T6917] loop0: detected capacity change from 0 to 1024 umount2("./636/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./636/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./636/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./636/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./636/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./636/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./636/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./636") = 0 mkdir("./637", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6919 ./strace-static-x86_64: Process 6919 attached [pid 6919] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6919] chdir("./637") = 0 [pid 6919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6919] setpgid(0, 0) = 0 [pid 6919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6919] write(3, "1000", 4) = 4 [pid 6919] close(3) = 0 [pid 6919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6919] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6919] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6919] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6920], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6920 [pid 6919] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6920 attached [pid 6920] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6920] memfd_create("syzkaller", 0) = 3 [pid 6920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6920] munmap(0x7f5464ee2000, 524288) = 0 [pid 6920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6920] close(3) = 0 [pid 6920] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6920] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6920] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6920] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6920] ioctl(4, LOOP_CLR_FD) = 0 [pid 6920] close(4) = 0 [pid 6920] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6919] <... futex resumed>) = 0 [pid 6920] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6919] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6919] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6919] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6921], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6921 [pid 6919] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6920] <... mknodat resumed>) = 0 ./strace-static-x86_64: Process 6921 attached [pid 6920] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6921] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6921] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6921] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6921] chdir(".") = 0 [pid 6921] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... futex resumed>) = 0 [pid 6919] exit_group(0 [pid 6920] <... futex resumed>) = ? [pid 6919] <... exit_group resumed>) = ? [pid 6920] +++ exited with 0 +++ [pid 6921] <... futex resumed>) = ? [pid 6921] +++ exited with 0 +++ [pid 6919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6919, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./637", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 143.679744][ T6920] loop0: detected capacity change from 0 to 1024 umount2("./637/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./637/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./637/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./637/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./637/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./637/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./637/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./637") = 0 mkdir("./638", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6922 ./strace-static-x86_64: Process 6922 attached [pid 6922] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6922] chdir("./638") = 0 [pid 6922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6922] setpgid(0, 0) = 0 [pid 6922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6922] write(3, "1000", 4) = 4 [pid 6922] close(3) = 0 [pid 6922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6922] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6922] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6922] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6923], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6923 [pid 6922] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6923 attached [pid 6923] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6923] memfd_create("syzkaller", 0) = 3 [pid 6923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6923] munmap(0x7f5464ee2000, 524288) = 0 [pid 6923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6923] close(3) = 0 [pid 6923] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6923] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6923] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6923] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6923] ioctl(4, LOOP_CLR_FD) = 0 [pid 6923] close(4) = 0 [pid 6923] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6922] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6922] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6924], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6924 [pid 6922] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6923] <... futex resumed>) = 1 [pid 6923] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6924 attached ) = 0 [pid 6923] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6924] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6924] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6924] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6924] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6924] chdir(".") = 0 [pid 6924] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... futex resumed>) = 0 [pid 6922] exit_group(0) = ? [pid 6923] <... futex resumed>) = ? [pid 6923] +++ exited with 0 +++ [pid 6924] <... futex resumed>) = ? [pid 6924] +++ exited with 0 +++ [pid 6922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6922, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./638", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./638/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./638/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./638/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./638/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./638/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./638/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.777260][ T6923] loop0: detected capacity change from 0 to 1024 lstat("./638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./638/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./638") = 0 mkdir("./639", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6925 ./strace-static-x86_64: Process 6925 attached [pid 6925] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6925] chdir("./639") = 0 [pid 6925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6925] setpgid(0, 0) = 0 [pid 6925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6925] write(3, "1000", 4) = 4 [pid 6925] close(3) = 0 [pid 6925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6925] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6925] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6925] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6926 attached , parent_tid=[6926], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6926 [pid 6925] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] set_robust_list(0x7f546d3029e0, 24 [pid 6925] <... futex resumed>) = 0 [pid 6925] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6926] <... set_robust_list resumed>) = 0 [pid 6926] memfd_create("syzkaller", 0) = 3 [pid 6926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6926] munmap(0x7f5464ee2000, 524288) = 0 [pid 6926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6926] close(3) = 0 [pid 6926] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6926] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6926] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6926] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6926] ioctl(4, LOOP_CLR_FD) = 0 [pid 6926] close(4) = 0 [pid 6926] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6925] <... futex resumed>) = 0 [pid 6925] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6925] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6925] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6927], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6927 [pid 6925] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6925] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6927 attached [pid 6925] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6927] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6927] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6927] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6926] <... mknodat resumed>) = 0 [pid 6926] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] <... mount resumed>) = 0 [pid 6927] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6927] chdir(".") = 0 [pid 6927] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] <... futex resumed>) = 0 [pid 6925] exit_group(0 [pid 6926] <... futex resumed>) = ? [pid 6925] <... exit_group resumed>) = ? [pid 6926] +++ exited with 0 +++ [pid 6927] <... futex resumed>) = ? [pid 6927] +++ exited with 0 +++ [pid 6925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6925, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./639", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 143.880080][ T6926] loop0: detected capacity change from 0 to 1024 umount2("./639/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./639/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./639/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./639/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./639/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./639/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./639/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./639") = 0 mkdir("./640", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6928 ./strace-static-x86_64: Process 6928 attached [pid 6928] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6928] chdir("./640") = 0 [pid 6928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6928] setpgid(0, 0) = 0 [pid 6928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6928] write(3, "1000", 4) = 4 [pid 6928] close(3) = 0 [pid 6928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6928] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6928] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6928] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6929], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6929 [pid 6928] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6929 attached [pid 6929] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6929] memfd_create("syzkaller", 0) = 3 [pid 6929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6929] munmap(0x7f5464ee2000, 524288) = 0 [pid 6929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6929] close(3) = 0 [pid 6929] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6929] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6929] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6929] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6929] ioctl(4, LOOP_CLR_FD) = 0 [pid 6929] close(4) = 0 [pid 6929] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6928] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6928] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6930], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6930 [pid 6928] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6929] <... futex resumed>) = 1 [pid 6929] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6930 attached [pid 6930] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6930] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6930] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6929] <... mknodat resumed>) = 0 [pid 6929] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] <... mount resumed>) = 0 [pid 6930] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6930] chdir(".") = 0 [pid 6930] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6928] <... futex resumed>) = 0 [pid 6930] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6928] exit_group(0) = ? [pid 6930] <... futex resumed>) = ? [pid 6930] +++ exited with 0 +++ [pid 6929] <... futex resumed>) = ? [pid 6929] +++ exited with 0 +++ [pid 6928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6928, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./640", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 143.989111][ T6929] loop0: detected capacity change from 0 to 1024 umount2("./640/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./640/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./640/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./640/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./640/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./640/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./640/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./640") = 0 mkdir("./641", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6931 ./strace-static-x86_64: Process 6931 attached [pid 6931] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6931] chdir("./641") = 0 [pid 6931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6931] setpgid(0, 0) = 0 [pid 6931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6931] write(3, "1000", 4) = 4 [pid 6931] close(3) = 0 [pid 6931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6931] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6931] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6931] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6932 attached , parent_tid=[6932], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6932 [pid 6931] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] set_robust_list(0x7f546d3029e0, 24 [pid 6931] <... futex resumed>) = 0 [pid 6931] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6932] <... set_robust_list resumed>) = 0 [pid 6932] memfd_create("syzkaller", 0) = 3 [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6932] munmap(0x7f5464ee2000, 524288) = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6932] close(3) = 0 [pid 6932] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6932] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6932] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6932] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6932] ioctl(4, LOOP_CLR_FD) = 0 [pid 6932] close(4) = 0 [pid 6932] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6931] <... futex resumed>) = 0 [pid 6932] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6931] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6931] <... futex resumed>) = 0 [pid 6932] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6931] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6931] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6931] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6933], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6933 [pid 6931] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6931] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6933 attached [pid 6933] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6933] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6933] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6932] <... mknodat resumed>) = 0 [pid 6932] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] <... mount resumed>) = 0 [pid 6933] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6933] chdir(".") = 0 [pid 6933] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = 0 [pid 6931] exit_group(0) = ? [pid 6933] <... futex resumed>) = ? [pid 6932] <... futex resumed>) = ? [pid 6933] +++ exited with 0 +++ [pid 6932] +++ exited with 0 +++ [pid 6931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6931, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./641", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./641/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./641/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./641/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./641/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./641/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./641/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.111672][ T6932] loop0: detected capacity change from 0 to 1024 lstat("./641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./641/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./641") = 0 mkdir("./642", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6934 ./strace-static-x86_64: Process 6934 attached [pid 6934] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6934] chdir("./642") = 0 [pid 6934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6934] setpgid(0, 0) = 0 [pid 6934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6934] write(3, "1000", 4) = 4 [pid 6934] close(3) = 0 [pid 6934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6934] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6934] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6934] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6935], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6935 [pid 6934] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6935 attached [pid 6935] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6935] memfd_create("syzkaller", 0) = 3 [pid 6935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6935] munmap(0x7f5464ee2000, 524288) = 0 [pid 6935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6935] close(3) = 0 [pid 6935] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6935] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6935] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6935] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6935] ioctl(4, LOOP_CLR_FD) = 0 [pid 6935] close(4) = 0 [pid 6935] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6934] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6935] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6934] <... mmap resumed>) = 0x7f5464f41000 [pid 6934] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6934] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6936], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6936 [pid 6934] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6936 attached [pid 6936] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6936] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6936] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6935] <... mknodat resumed>) = 0 [pid 6935] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] <... mount resumed>) = 0 [pid 6936] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6936] chdir(".") = 0 [pid 6936] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = 0 [pid 6934] exit_group(0) = ? [pid 6936] <... futex resumed>) = ? [pid 6935] +++ exited with 0 +++ [pid 6936] +++ exited with 0 +++ [pid 6934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6934, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./642", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./642/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./642/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./642/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./642/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./642/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./642/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 144.218189][ T6935] loop0: detected capacity change from 0 to 1024 unlink("./642/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./642") = 0 mkdir("./643", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6937 ./strace-static-x86_64: Process 6937 attached [pid 6937] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6937] chdir("./643") = 0 [pid 6937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6937] setpgid(0, 0) = 0 [pid 6937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6937] write(3, "1000", 4) = 4 [pid 6937] close(3) = 0 [pid 6937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6937] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6937] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6937] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6938], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6938 ./strace-static-x86_64: Process 6938 attached [pid 6937] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6938] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6938] memfd_create("syzkaller", 0) = 3 [pid 6938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6938] munmap(0x7f5464ee2000, 524288) = 0 [pid 6938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6938] close(3) = 0 [pid 6938] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6938] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6938] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6938] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6938] ioctl(4, LOOP_CLR_FD) = 0 [pid 6938] close(4) = 0 [pid 6938] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6937] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6938] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6937] <... mmap resumed>) = 0x7f5464f41000 [pid 6937] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6937] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6939], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6939 [pid 6937] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6938] <... mknodat resumed>) = 0 [pid 6938] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6939 attached ) = 0 [pid 6938] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6939] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6939] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6939] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6939] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6939] chdir(".") = 0 [pid 6939] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6937] exit_group(0 [pid 6938] <... futex resumed>) = ? [pid 6937] <... exit_group resumed>) = ? [pid 6938] +++ exited with 0 +++ [pid 6939] +++ exited with 0 +++ [pid 6937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6937, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./643", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./643/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./643/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.330869][ T6938] loop0: detected capacity change from 0 to 1024 lstat("./643/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./643/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./643/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./643/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./643/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./643") = 0 mkdir("./644", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6940 attached , child_tidptr=0x5555561b25d0) = 6940 [pid 6940] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6940] chdir("./644") = 0 [pid 6940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6940] setpgid(0, 0) = 0 [pid 6940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6940] write(3, "1000", 4) = 4 [pid 6940] close(3) = 0 [pid 6940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6940] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6940] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6940] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6941], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6941 [pid 6940] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6940] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6941 attached [pid 6941] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6941] memfd_create("syzkaller", 0) = 3 [pid 6941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6941] munmap(0x7f5464ee2000, 524288) = 0 [pid 6941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6941] close(3) = 0 [pid 6941] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6941] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6941] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6941] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6941] ioctl(4, LOOP_CLR_FD) = 0 [pid 6941] close(4) = 0 [pid 6941] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] <... futex resumed>) = 0 [pid 6940] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] <... futex resumed>) = 1 [pid 6940] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6940] <... futex resumed>) = 0 [pid 6940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6940] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6940] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6942], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6942 [pid 6940] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6940] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6941] <... mknodat resumed>) = 0 [pid 6941] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6942 attached [pid 6942] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6942] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6942] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6942] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6942] chdir(".") = 0 [pid 6942] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] <... futex resumed>) = 0 [pid 6940] exit_group(0 [pid 6941] <... futex resumed>) = ? [pid 6940] <... exit_group resumed>) = ? [pid 6941] +++ exited with 0 +++ [pid 6942] <... futex resumed>) = ? [pid 6942] +++ exited with 0 +++ [pid 6940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6940, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./644", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./644/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./644/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./644/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./644/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./644/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./644/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./644/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 144.441307][ T6941] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./644") = 0 mkdir("./645", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6943 ./strace-static-x86_64: Process 6943 attached [pid 6943] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6943] chdir("./645") = 0 [pid 6943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6943] setpgid(0, 0) = 0 [pid 6943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6943] write(3, "1000", 4) = 4 [pid 6943] close(3) = 0 [pid 6943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6943] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6943] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6943] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6944 attached [pid 6944] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6944] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6943] <... clone resumed>, parent_tid=[6944], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6944 [pid 6943] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6944] memfd_create("syzkaller", 0) = 3 [pid 6944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6943] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6944] munmap(0x7f5464ee2000, 524288) = 0 [pid 6944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6944] close(3) = 0 [pid 6944] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6944] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6944] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6944] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6944] ioctl(4, LOOP_CLR_FD) = 0 [pid 6944] close(4) = 0 [pid 6944] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 0 [pid 6943] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6943] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6943] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6945], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6945 [pid 6943] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6944] <... futex resumed>) = 1 [pid 6944] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6945 attached [pid 6945] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6945] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6945] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6944] <... mknodat resumed>) = 0 [pid 6944] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] <... mount resumed>) = 0 [pid 6945] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6945] chdir(".") = 0 [pid 6945] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 0 [pid 6943] exit_group(0) = ? [pid 6944] <... futex resumed>) = ? [pid 6944] +++ exited with 0 +++ [pid 6945] <... futex resumed>) = ? [pid 6945] +++ exited with 0 +++ [pid 6943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6943, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./645", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./645/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./645/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./645/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./645/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 144.556888][ T6944] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./645/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./645/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./645/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./645") = 0 mkdir("./646", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6946 ./strace-static-x86_64: Process 6946 attached [pid 6946] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6946] chdir("./646") = 0 [pid 6946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6946] setpgid(0, 0) = 0 [pid 6946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6946] write(3, "1000", 4) = 4 [pid 6946] close(3) = 0 [pid 6946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6946] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6946] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6946] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6947 attached , parent_tid=[6947], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6947 [pid 6947] set_robust_list(0x7f546d3029e0, 24 [pid 6946] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... set_robust_list resumed>) = 0 [pid 6946] <... futex resumed>) = 0 [pid 6946] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6947] memfd_create("syzkaller", 0) = 3 [pid 6947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6947] munmap(0x7f5464ee2000, 524288) = 0 [pid 6947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6947] close(3) = 0 [pid 6947] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6947] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6947] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6947] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6947] ioctl(4, LOOP_CLR_FD) = 0 [pid 6947] close(4) = 0 [pid 6947] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6947] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6946] <... futex resumed>) = 0 [pid 6946] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6946] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6946] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6947] <... futex resumed>) = 0 [pid 6946] <... mprotect resumed>) = 0 [pid 6947] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6946] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6948], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6948 [pid 6946] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6946] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6948 attached [pid 6948] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6948] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6948] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6947] <... mknodat resumed>) = 0 [pid 6947] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] <... mount resumed>) = 0 [pid 6948] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6948] chdir(".") = 0 [pid 6948] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... futex resumed>) = 0 [pid 6946] exit_group(0 [pid 6947] <... futex resumed>) = ? [pid 6946] <... exit_group resumed>) = ? [pid 6948] <... futex resumed>) = ? [pid 6947] +++ exited with 0 +++ [pid 6948] +++ exited with 0 +++ [pid 6946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6946, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./646", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./646/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 144.661449][ T6947] loop0: detected capacity change from 0 to 1024 umount2("./646/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./646/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./646/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./646/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./646/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./646/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./646") = 0 mkdir("./647", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6949 ./strace-static-x86_64: Process 6949 attached [pid 6949] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6949] chdir("./647") = 0 [pid 6949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6949] setpgid(0, 0) = 0 [pid 6949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6949] write(3, "1000", 4) = 4 [pid 6949] close(3) = 0 [pid 6949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6949] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6949] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6949] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6950], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6950 [pid 6949] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6950 attached [pid 6950] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6950] memfd_create("syzkaller", 0) = 3 [pid 6950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6950] munmap(0x7f5464ee2000, 524288) = 0 [pid 6950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6950] close(3) = 0 [pid 6950] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6950] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6950] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6950] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6950] ioctl(4, LOOP_CLR_FD) = 0 [pid 6950] close(4) = 0 [pid 6950] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] <... futex resumed>) = 0 [pid 6949] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6949] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6949] <... futex resumed>) = 0 [pid 6949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6950] <... mknodat resumed>) = 0 [pid 6950] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] <... mmap resumed>) = 0x7f5464f41000 [pid 6949] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6949] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6951], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6951 ./strace-static-x86_64: Process 6951 attached [pid 6949] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] set_robust_list(0x7f5464f619e0, 24 [pid 6949] <... futex resumed>) = 0 [pid 6951] <... set_robust_list resumed>) = 0 [pid 6949] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6951] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6951] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6951] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6951] chdir(".") = 0 [pid 6951] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 6951] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] exit_group(0 [pid 6951] <... futex resumed>) = ? [pid 6950] <... futex resumed>) = ? [pid 6949] <... exit_group resumed>) = ? [pid 6950] +++ exited with 0 +++ [pid 6951] +++ exited with 0 +++ [pid 6949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6949, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./647", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 144.788361][ T6950] loop0: detected capacity change from 0 to 1024 umount2("./647/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./647/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./647/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./647/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./647/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./647/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./647/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./647") = 0 mkdir("./648", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6952 ./strace-static-x86_64: Process 6952 attached [pid 6952] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6952] chdir("./648") = 0 [pid 6952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6952] setpgid(0, 0) = 0 [pid 6952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6952] write(3, "1000", 4) = 4 [pid 6952] close(3) = 0 [pid 6952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6952] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6952] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6952] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6953 attached [pid 6953] set_robust_list(0x7f546d3029e0, 24 [pid 6952] <... clone resumed>, parent_tid=[6953], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6953 [pid 6953] <... set_robust_list resumed>) = 0 [pid 6952] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6953] memfd_create("syzkaller", 0) = 3 [pid 6953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6953] munmap(0x7f5464ee2000, 524288) = 0 [pid 6953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6953] close(3) = 0 [pid 6953] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6953] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6953] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6953] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6953] ioctl(4, LOOP_CLR_FD) = 0 [pid 6953] close(4) = 0 [pid 6953] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6953] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6952] <... futex resumed>) = 1 [pid 6953] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6952] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6952] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6953] <... mknodat resumed>) = 0 [pid 6952] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6953] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6954 attached [pid 6954] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6954] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] <... clone resumed>, parent_tid=[6954], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6954 [pid 6952] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6954] <... futex resumed>) = 0 [pid 6954] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6954] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6954] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6954] chdir(".") = 0 [pid 6954] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6954] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] exit_group(0 [pid 6954] <... futex resumed>) = ? [pid 6953] <... futex resumed>) = ? [pid 6952] <... exit_group resumed>) = ? [pid 6954] +++ exited with 0 +++ [pid 6953] +++ exited with 0 +++ [pid 6952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6952, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./648", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 144.904539][ T6953] loop0: detected capacity change from 0 to 1024 umount2("./648/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./648/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./648/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./648/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./648/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./648/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./648/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./648") = 0 mkdir("./649", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6955 ./strace-static-x86_64: Process 6955 attached [pid 6955] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6955] chdir("./649") = 0 [pid 6955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6955] setpgid(0, 0) = 0 [pid 6955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6955] write(3, "1000", 4) = 4 [pid 6955] close(3) = 0 [pid 6955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6955] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6955] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6955] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6956], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6956 [pid 6955] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6956 attached [pid 6956] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6956] memfd_create("syzkaller", 0) = 3 [pid 6956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6956] munmap(0x7f5464ee2000, 524288) = 0 [pid 6956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6956] close(3) = 0 [pid 6956] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6956] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6956] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6956] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6956] ioctl(4, LOOP_CLR_FD) = 0 [pid 6956] close(4) = 0 [pid 6956] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6955] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6956] <... futex resumed>) = 1 [pid 6955] <... mmap resumed>) = 0x7f5464f41000 [pid 6956] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6955] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6955] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6957], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6957 [pid 6955] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6957 attached [pid 6956] <... mknodat resumed>) = 0 [pid 6956] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] set_robust_list(0x7f5464f619e0, 24 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] <... set_robust_list resumed>) = 0 [pid 6957] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6957] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6957] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6957] chdir(".") = 0 [pid 6957] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6955] <... futex resumed>) = 0 [pid 6957] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6955] exit_group(0 [pid 6957] <... futex resumed>) = ? [pid 6956] <... futex resumed>) = ? [pid 6955] <... exit_group resumed>) = ? [pid 6956] +++ exited with 0 +++ [pid 6957] +++ exited with 0 +++ [pid 6955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6955, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./649", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./649/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./649/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./649/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./649/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./649/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./649/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./649/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./649") = 0 mkdir("./650", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 145.005208][ T6956] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6958 ./strace-static-x86_64: Process 6958 attached [pid 6958] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6958] chdir("./650") = 0 [pid 6958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6958] setpgid(0, 0) = 0 [pid 6958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6958] write(3, "1000", 4) = 4 [pid 6958] close(3) = 0 [pid 6958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6958] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6958] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6958] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6959], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6959 [pid 6958] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6959 attached [pid 6959] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6959] memfd_create("syzkaller", 0) = 3 [pid 6959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6959] munmap(0x7f5464ee2000, 524288) = 0 [pid 6959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6959] close(3) = 0 [pid 6959] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6959] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6959] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6959] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6959] ioctl(4, LOOP_CLR_FD) = 0 [pid 6959] close(4) = 0 [pid 6959] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] <... futex resumed>) = 0 [pid 6959] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6958] <... futex resumed>) = 1 [pid 6959] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6958] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6958] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6959] <... mknodat resumed>) = 0 [pid 6958] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6959] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] <... clone resumed>, parent_tid=[6960], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6960 [pid 6958] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6960 attached [pid 6960] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6960] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6960] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6960] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6960] chdir(".") = 0 [pid 6960] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... futex resumed>) = 0 [pid 6960] <... futex resumed>) = 1 [pid 6958] exit_group(0 [pid 6959] <... futex resumed>) = ? [pid 6958] <... exit_group resumed>) = ? [pid 6959] +++ exited with 0 +++ [pid 6960] +++ exited with 0 +++ [pid 6958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6958, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./650", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 145.114554][ T6959] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./650/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./650/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./650/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./650/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./650/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./650/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./650/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./650") = 0 mkdir("./651", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6961 ./strace-static-x86_64: Process 6961 attached [pid 6961] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6961] chdir("./651") = 0 [pid 6961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6961] setpgid(0, 0) = 0 [pid 6961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6961] write(3, "1000", 4) = 4 [pid 6961] close(3) = 0 [pid 6961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6961] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6961] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6961] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6962], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6962 [pid 6961] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6961] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6962 attached [pid 6962] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6962] memfd_create("syzkaller", 0) = 3 [pid 6962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6962] munmap(0x7f5464ee2000, 524288) = 0 [pid 6962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6962] close(3) = 0 [pid 6962] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6962] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6962] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6962] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6962] ioctl(4, LOOP_CLR_FD) = 0 [pid 6962] close(4) = 0 [pid 6962] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] <... futex resumed>) = 0 [pid 6961] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6961] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6961] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6961] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6963], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6963 [pid 6961] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6961] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6962] <... futex resumed>) = 1 [pid 6962] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6963 attached ) = 0 [pid 6962] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6962] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6963] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6963] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6963] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6963] chdir(".") = 0 [pid 6963] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6961] <... futex resumed>) = 0 [pid 6963] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6961] exit_group(0 [pid 6963] <... futex resumed>) = ? [pid 6962] <... futex resumed>) = ? [pid 6961] <... exit_group resumed>) = ? [pid 6962] +++ exited with 0 +++ [pid 6963] +++ exited with 0 +++ [pid 6961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6961, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./651", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 145.217078][ T6962] loop0: detected capacity change from 0 to 1024 umount2("./651/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./651/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./651/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./651/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./651/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./651/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./651/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./651") = 0 mkdir("./652", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6964 ./strace-static-x86_64: Process 6964 attached [pid 6964] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6964] chdir("./652") = 0 [pid 6964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6964] setpgid(0, 0) = 0 [pid 6964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6964] write(3, "1000", 4) = 4 [pid 6964] close(3) = 0 [pid 6964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6964] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6964] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6964] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6965], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6965 [pid 6964] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6965 attached [pid 6965] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6965] memfd_create("syzkaller", 0) = 3 [pid 6965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6965] munmap(0x7f5464ee2000, 524288) = 0 [pid 6965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6965] close(3) = 0 [pid 6965] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6965] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6965] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6965] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6965] ioctl(4, LOOP_CLR_FD) = 0 [pid 6965] close(4) = 0 [pid 6965] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6965] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6964] <... futex resumed>) = 0 [pid 6964] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6964] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6964] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6965] <... futex resumed>) = 0 [pid 6964] <... clone resumed>, parent_tid=[6966], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6966 [pid 6964] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6965] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 6966 attached [pid 6966] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6966] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6966] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6965] <... mknodat resumed>) = 0 [pid 6965] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] <... mount resumed>) = 0 [pid 6966] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6966] chdir(".") = 0 [pid 6966] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] <... futex resumed>) = 0 [pid 6966] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6964] exit_group(0) = ? [pid 6966] <... futex resumed>) = ? [pid 6966] +++ exited with 0 +++ [pid 6965] <... futex resumed>) = ? [pid 6965] +++ exited with 0 +++ [pid 6964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6964, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./652", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 145.324351][ T6965] loop0: detected capacity change from 0 to 1024 umount2("./652/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./652/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./652/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./652/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./652/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./652/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./652/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./652") = 0 mkdir("./653", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6967 ./strace-static-x86_64: Process 6967 attached [pid 6967] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6967] chdir("./653") = 0 [pid 6967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6967] setpgid(0, 0) = 0 [pid 6967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6967] write(3, "1000", 4) = 4 [pid 6967] close(3) = 0 [pid 6967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6967] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6967] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6967] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6968 attached , parent_tid=[6968], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6968 [pid 6968] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6968] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6967] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6968] memfd_create("syzkaller", 0) = 3 [pid 6968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6968] munmap(0x7f5464ee2000, 524288) = 0 [pid 6968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6968] close(3) = 0 [pid 6968] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6968] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6968] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6968] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6968] ioctl(4, LOOP_CLR_FD) = 0 [pid 6968] close(4) = 0 [pid 6968] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] <... futex resumed>) = 0 [pid 6967] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6967] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] <... futex resumed>) = 0 [pid 6967] <... futex resumed>) = 0 [pid 6968] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6967] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6967] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6969 attached , parent_tid=[6969], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6969 [pid 6967] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] set_robust_list(0x7f5464f619e0, 24 [pid 6967] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6968] <... mknodat resumed>) = 0 [pid 6968] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] <... set_robust_list resumed>) = 0 [pid 6969] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6969] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6969] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6969] chdir(".") = 0 [pid 6969] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6967] <... futex resumed>) = 0 [pid 6969] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] exit_group(0 [pid 6968] <... futex resumed>) = ? [pid 6967] <... exit_group resumed>) = ? [pid 6968] +++ exited with 0 +++ [pid 6969] <... futex resumed>) = ? [pid 6969] +++ exited with 0 +++ [pid 6967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6967, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./653", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 145.448060][ T6968] loop0: detected capacity change from 0 to 1024 umount2("./653/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./653/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./653/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./653/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./653/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./653/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./653/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./653") = 0 mkdir("./654", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6970 ./strace-static-x86_64: Process 6970 attached [pid 6970] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6970] chdir("./654") = 0 [pid 6970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6970] setpgid(0, 0) = 0 [pid 6970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6970] write(3, "1000", 4) = 4 [pid 6970] close(3) = 0 [pid 6970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6970] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6970] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6971], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6971 [pid 6970] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6971 attached [pid 6971] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6971] memfd_create("syzkaller", 0) = 3 [pid 6971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6971] munmap(0x7f5464ee2000, 524288) = 0 [pid 6971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6971] close(3) = 0 [pid 6971] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6971] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6971] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6971] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6971] ioctl(4, LOOP_CLR_FD) = 0 [pid 6971] close(4) = 0 [pid 6971] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6970] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6971] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6970] <... mmap resumed>) = 0x7f5464f41000 [pid 6970] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6972], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6972 [pid 6970] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6972 attached [pid 6972] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6972] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6972] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6971] <... mknodat resumed>) = 0 [pid 6971] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] <... mount resumed>) = 0 [pid 6972] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6972] chdir(".") = 0 [pid 6972] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6972] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] exit_group(0) = ? [pid 6972] <... futex resumed>) = ? [pid 6971] <... futex resumed>) = ? [pid 6971] +++ exited with 0 +++ [pid 6972] +++ exited with 0 +++ [pid 6970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6970, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./654", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 145.558947][ T6971] loop0: detected capacity change from 0 to 1024 umount2("./654/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./654/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./654/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./654/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./654/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./654/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./654/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./654") = 0 mkdir("./655", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6973 ./strace-static-x86_64: Process 6973 attached [pid 6973] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6973] chdir("./655") = 0 [pid 6973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6973] setpgid(0, 0) = 0 [pid 6973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6973] write(3, "1000", 4) = 4 [pid 6973] close(3) = 0 [pid 6973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6973] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6973] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6973] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6974 attached , parent_tid=[6974], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6974 [pid 6974] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6974] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6974] memfd_create("syzkaller", 0 [pid 6973] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6974] <... memfd_create resumed>) = 3 [pid 6974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6974] munmap(0x7f5464ee2000, 524288) = 0 [pid 6974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6974] close(3) = 0 [pid 6974] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6974] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6974] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6974] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6974] ioctl(4, LOOP_CLR_FD) = 0 [pid 6974] close(4) = 0 [pid 6974] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6973] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6973] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6975], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6975 [pid 6973] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6974] <... futex resumed>) = 1 [pid 6974] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6974] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6975 attached [pid 6975] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6975] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6975] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6975] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6975] chdir(".") = 0 [pid 6975] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6975] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] exit_group(0 [pid 6975] <... futex resumed>) = ? [pid 6973] <... exit_group resumed>) = ? [pid 6974] <... futex resumed>) = ? [pid 6975] +++ exited with 0 +++ [pid 6974] +++ exited with 0 +++ [pid 6973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6973, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./655", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./655/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./655/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./655/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./655/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./655/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 145.681829][ T6974] loop0: detected capacity change from 0 to 1024 umount2("./655/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./655/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./655") = 0 mkdir("./656", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6976 ./strace-static-x86_64: Process 6976 attached [pid 6976] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6976] chdir("./656") = 0 [pid 6976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6976] setpgid(0, 0) = 0 [pid 6976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6976] write(3, "1000", 4) = 4 [pid 6976] close(3) = 0 [pid 6976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6976] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6976] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6976] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6977 attached , parent_tid=[6977], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6977 [pid 6976] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] set_robust_list(0x7f546d3029e0, 24 [pid 6976] <... futex resumed>) = 0 [pid 6977] <... set_robust_list resumed>) = 0 [pid 6976] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6977] memfd_create("syzkaller", 0) = 3 [pid 6977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6977] munmap(0x7f5464ee2000, 524288) = 0 [pid 6977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6977] close(3) = 0 [pid 6977] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6977] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6977] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6977] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6977] ioctl(4, LOOP_CLR_FD) = 0 [pid 6977] close(4) = 0 [pid 6977] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6976] <... futex resumed>) = 0 [pid 6976] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6976] <... futex resumed>) = 0 [pid 6976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6976] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6977] <... mknodat resumed>) = 0 [pid 6976] <... mprotect resumed>) = 0 [pid 6976] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6978], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6978 [pid 6976] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6978 attached [pid 6978] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6978] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6978] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6977] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] <... mount resumed>) = 0 [pid 6978] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6978] chdir(".") = 0 [pid 6978] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6976] <... futex resumed>) = 0 [pid 6978] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6976] exit_group(0) = ? [pid 6977] <... futex resumed>) = ? [pid 6977] +++ exited with 0 +++ [pid 6978] <... futex resumed>) = ? [pid 6978] +++ exited with 0 +++ [pid 6976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6976, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./656", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 145.780197][ T6977] loop0: detected capacity change from 0 to 1024 umount2("./656/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./656/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./656/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./656/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./656/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./656/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./656/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./656") = 0 mkdir("./657", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6979 attached , child_tidptr=0x5555561b25d0) = 6979 [pid 6979] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6979] chdir("./657") = 0 [pid 6979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6979] setpgid(0, 0) = 0 [pid 6979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6979] write(3, "1000", 4) = 4 [pid 6979] close(3) = 0 [pid 6979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6979] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6979] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6979] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6980], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6980 ./strace-static-x86_64: Process 6980 attached [pid 6980] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6980] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6979] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6979] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6980] memfd_create("syzkaller", 0) = 3 [pid 6980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6980] munmap(0x7f5464ee2000, 524288) = 0 [pid 6980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6980] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6980] close(3) = 0 [pid 6980] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6980] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6980] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6980] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6980] ioctl(4, LOOP_CLR_FD) = 0 [pid 6980] close(4) = 0 [pid 6980] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] <... futex resumed>) = 0 [pid 6979] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6979] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6979] <... futex resumed>) = 0 [pid 6979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6980] <... mknodat resumed>) = 0 [pid 6979] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6980] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6981], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6981 [pid 6979] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6979] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6981 attached [pid 6980] <... futex resumed>) = 0 [pid 6980] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6981] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6981] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6981] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6981] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6981] chdir(".") = 0 [pid 6981] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] <... futex resumed>) = 0 [pid 6981] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6979] exit_group(0 [pid 6981] <... futex resumed>) = ? [pid 6980] <... futex resumed>) = ? [pid 6979] <... exit_group resumed>) = ? [pid 6980] +++ exited with 0 +++ [ 145.895267][ T6980] loop0: detected capacity change from 0 to 1024 [pid 6981] +++ exited with 0 +++ [pid 6979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6979, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./657", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./657/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./657/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./657/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./657/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./657/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./657/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./657/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./657") = 0 mkdir("./658", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6982 ./strace-static-x86_64: Process 6982 attached [pid 6982] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6982] chdir("./658") = 0 [pid 6982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6982] setpgid(0, 0) = 0 [pid 6982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6982] write(3, "1000", 4) = 4 [pid 6982] close(3) = 0 [pid 6982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6982] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6982] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6982] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6983 attached , parent_tid=[6983], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6983 [pid 6982] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6982] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6983] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6983] memfd_create("syzkaller", 0) = 3 [pid 6983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6983] munmap(0x7f5464ee2000, 524288) = 0 [pid 6983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6983] close(3) = 0 [pid 6983] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6983] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6983] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6983] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6983] ioctl(4, LOOP_CLR_FD) = 0 [pid 6983] close(4) = 0 [pid 6983] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6983] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6982] <... futex resumed>) = 0 [pid 6982] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] <... futex resumed>) = 0 [pid 6982] <... futex resumed>) = 1 [pid 6982] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6983] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6982] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6982] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6984], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6984 [pid 6982] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6982] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6984 attached [pid 6983] <... mknodat resumed>) = 0 [pid 6983] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6983] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6984] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6984] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6984] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6984] chdir(".") = 0 [pid 6984] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6982] <... futex resumed>) = 0 [pid 6982] exit_group(0) = ? [pid 6983] <... futex resumed>) = ? [pid 6983] +++ exited with 0 +++ [pid 6984] +++ exited with 0 +++ [pid 6982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6982, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./658", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./658/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./658/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./658/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./658/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./658/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./658/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./658/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 146.020045][ T6983] loop0: detected capacity change from 0 to 1024 rmdir("./658") = 0 mkdir("./659", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6985 ./strace-static-x86_64: Process 6985 attached [pid 6985] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6985] chdir("./659") = 0 [pid 6985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6985] setpgid(0, 0) = 0 [pid 6985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6985] write(3, "1000", 4) = 4 [pid 6985] close(3) = 0 [pid 6985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6985] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6985] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6985] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6986], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6986 [pid 6985] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6985] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6986 attached [pid 6986] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6986] memfd_create("syzkaller", 0) = 3 [pid 6986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6986] munmap(0x7f5464ee2000, 524288) = 0 [pid 6986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6986] close(3) = 0 [pid 6986] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6986] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6986] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6986] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6986] ioctl(4, LOOP_CLR_FD) = 0 [pid 6986] close(4) = 0 [pid 6986] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6985] <... futex resumed>) = 0 [pid 6986] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6985] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6985] <... futex resumed>) = 0 [pid 6986] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6985] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6985] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6986] <... mknodat resumed>) = 0 [pid 6985] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6986] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... clone resumed>, parent_tid=[6987], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6987 ./strace-static-x86_64: Process 6987 attached [pid 6987] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6987] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6986] <... futex resumed>) = 0 [pid 6986] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6985] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6985] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6987] <... futex resumed>) = 0 [pid 6987] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6987] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6987] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6987] chdir(".") = 0 [pid 6987] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6985] <... futex resumed>) = 0 [pid 6987] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6985] exit_group(0 [pid 6987] <... futex resumed>) = ? [pid 6986] <... futex resumed>) = ? [pid 6985] <... exit_group resumed>) = ? [pid 6987] +++ exited with 0 +++ [pid 6986] +++ exited with 0 +++ [pid 6985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6985, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./659", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./659/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./659/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./659/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./659/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.111126][ T6986] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./659/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./659/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./659/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./659/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./659") = 0 mkdir("./660", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6988 ./strace-static-x86_64: Process 6988 attached [pid 6988] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6988] chdir("./660") = 0 [pid 6988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6988] setpgid(0, 0) = 0 [pid 6988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6988] write(3, "1000", 4) = 4 [pid 6988] close(3) = 0 [pid 6988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6988] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6988] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6988] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6989 attached [pid 6989] set_robust_list(0x7f546d3029e0, 24 [pid 6988] <... clone resumed>, parent_tid=[6989], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6989 [pid 6989] <... set_robust_list resumed>) = 0 [pid 6988] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6989] memfd_create("syzkaller", 0) = 3 [pid 6989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6989] munmap(0x7f5464ee2000, 524288) = 0 [pid 6989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6989] close(3) = 0 [pid 6989] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6989] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6989] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6989] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6989] ioctl(4, LOOP_CLR_FD) = 0 [pid 6989] close(4) = 0 [pid 6989] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] <... futex resumed>) = 0 [pid 6988] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] <... futex resumed>) = 0 [pid 6989] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6988] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6989] <... mknodat resumed>) = 0 [pid 6988] <... mmap resumed>) = 0x7f5464f41000 [pid 6989] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 6989] <... futex resumed>) = 0 [pid 6989] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] <... mprotect resumed>) = 0 [pid 6988] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6990 attached , parent_tid=[6990], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6990 [pid 6990] set_robust_list(0x7f5464f619e0, 24 [pid 6988] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... set_robust_list resumed>) = 0 [pid 6990] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6990] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6988] <... futex resumed>) = 0 [pid 6988] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6990] <... mount resumed>) = 0 [pid 6990] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6990] chdir(".") = 0 [pid 6990] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6990] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] exit_group(0 [pid 6989] <... futex resumed>) = ? [pid 6988] <... exit_group resumed>) = ? [pid 6989] +++ exited with 0 +++ [pid 6990] <... futex resumed>) = ? [pid 6990] +++ exited with 0 +++ [pid 6988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6988, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./660", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 146.220913][ T6989] loop0: detected capacity change from 0 to 1024 umount2("./660/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./660/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./660/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./660/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./660/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./660/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./660/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./660") = 0 mkdir("./661", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6991 ./strace-static-x86_64: Process 6991 attached [pid 6991] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6991] chdir("./661") = 0 [pid 6991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6991] setpgid(0, 0) = 0 [pid 6991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6991] write(3, "1000", 4) = 4 [pid 6991] close(3) = 0 [pid 6991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6991] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6991] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6992 attached , parent_tid=[6992], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6992 [pid 6992] set_robust_list(0x7f546d3029e0, 24 [pid 6991] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... set_robust_list resumed>) = 0 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6992] memfd_create("syzkaller", 0) = 3 [pid 6992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6992] munmap(0x7f5464ee2000, 524288) = 0 [pid 6992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6992] close(3) = 0 [pid 6992] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6992] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6992] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6992] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6992] ioctl(4, LOOP_CLR_FD) = 0 [pid 6992] close(4) = 0 [pid 6992] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6992] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6991] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6993], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6993 [pid 6991] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6992] <... futex resumed>) = 0 [pid 6992] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6992] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6993 attached [pid 6993] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6992] <... futex resumed>) = 0 [pid 6992] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6993] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6993] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6993] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6993] chdir(".") = 0 [pid 6993] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6993] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] exit_group(0 [pid 6993] <... futex resumed>) = ? [pid 6991] <... exit_group resumed>) = ? [pid 6993] +++ exited with 0 +++ [pid 6992] <... futex resumed>) = ? [pid 6992] +++ exited with 0 +++ [pid 6991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6991, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./661", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./661/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./661/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.325472][ T6992] loop0: detected capacity change from 0 to 1024 lstat("./661/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./661/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./661/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./661/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./661/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./661") = 0 mkdir("./662", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6994 ./strace-static-x86_64: Process 6994 attached [pid 6994] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6994] chdir("./662") = 0 [pid 6994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6994] setpgid(0, 0) = 0 [pid 6994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6994] write(3, "1000", 4) = 4 [pid 6994] close(3) = 0 [pid 6994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6994] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6994] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6994] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6995 attached [pid 6995] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 6994] <... clone resumed>, parent_tid=[6995], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6995 [pid 6995] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6994] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6995] <... futex resumed>) = 0 [pid 6994] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6995] memfd_create("syzkaller", 0) = 3 [pid 6995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6995] munmap(0x7f5464ee2000, 524288) = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6995] close(3) = 0 [pid 6995] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6995] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6995] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6995] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6995] ioctl(4, LOOP_CLR_FD) = 0 [pid 6995] close(4) = 0 [pid 6995] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] <... futex resumed>) = 0 [pid 6994] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6994] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6995] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 6994] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6996], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6996 [pid 6994] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6996 attached [pid 6996] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6996] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6996] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 6995] <... mknodat resumed>) = 0 [pid 6995] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6995] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] <... mount resumed>) = 0 [pid 6996] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6996] chdir(".") = 0 [pid 6996] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] <... futex resumed>) = 0 [pid 6994] exit_group(0) = ? [pid 6995] <... futex resumed>) = ? [pid 6995] +++ exited with 0 +++ [pid 6996] +++ exited with 0 +++ [pid 6994] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6994, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./662", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 146.438830][ T6995] loop0: detected capacity change from 0 to 1024 umount2("./662/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./662/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./662/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./662/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./662/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./662/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./662/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./662") = 0 mkdir("./663", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 6997 ./strace-static-x86_64: Process 6997 attached [pid 6997] set_robust_list(0x5555561b25e0, 24) = 0 [pid 6997] chdir("./663") = 0 [pid 6997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6997] setpgid(0, 0) = 0 [pid 6997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6997] write(3, "1000", 4) = 4 [pid 6997] close(3) = 0 [pid 6997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6997] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 6997] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6997] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6998 attached , parent_tid=[6998], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 6998 [pid 6998] set_robust_list(0x7f546d3029e0, 24 [pid 6997] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6998] <... set_robust_list resumed>) = 0 [pid 6997] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6998] memfd_create("syzkaller", 0) = 3 [pid 6998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 6998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6998] munmap(0x7f5464ee2000, 524288) = 0 [pid 6998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6998] close(3) = 0 [pid 6998] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 6998] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 6998] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 6998] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6998] ioctl(4, LOOP_CLR_FD) = 0 [pid 6998] close(4) = 0 [pid 6998] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... futex resumed>) = 0 [pid 6997] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 6997] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6997] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6999], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 6999 [pid 6997] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6998] <... futex resumed>) = 1 [pid 6998] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 6998] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6998] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6999 attached [pid 6999] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 6999] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6999] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 6999] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6999] chdir(".") = 0 [pid 6999] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... futex resumed>) = 0 [pid 6997] exit_group(0 [pid 6998] <... futex resumed>) = ? [pid 6997] <... exit_group resumed>) = ? [pid 6998] +++ exited with 0 +++ [pid 6999] <... futex resumed>) = ? [pid 6999] +++ exited with 0 +++ [pid 6997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6997, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./663", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./663/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./663/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./663/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./663/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 146.556422][ T6998] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./663/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./663/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./663/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./663") = 0 mkdir("./664", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7000 ./strace-static-x86_64: Process 7000 attached [pid 7000] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7000] chdir("./664") = 0 [pid 7000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7000] setpgid(0, 0) = 0 [pid 7000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7000] write(3, "1000", 4) = 4 [pid 7000] close(3) = 0 [pid 7000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7000] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7000] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7000] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7001 attached , parent_tid=[7001], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7001 [pid 7000] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7001] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7001] memfd_create("syzkaller", 0) = 3 [pid 7001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7001] munmap(0x7f5464ee2000, 524288) = 0 [pid 7001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7001] close(3) = 0 [pid 7001] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7001] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7001] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7001] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7001] ioctl(4, LOOP_CLR_FD) = 0 [pid 7001] close(4) = 0 [pid 7001] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7000] <... futex resumed>) = 0 [pid 7000] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7001] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7000] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7000] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7002 attached [pid 7002] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7002] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7000] <... clone resumed>, parent_tid=[7002], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7002 [pid 7000] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7002] <... futex resumed>) = 0 [pid 7000] <... futex resumed>) = 1 [pid 7000] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7002] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7002] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7001] <... mknodat resumed>) = 0 [pid 7001] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7002] <... mount resumed>) = 0 [pid 7001] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7002] chdir(".") = 0 [pid 7002] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7000] <... futex resumed>) = 0 [pid 7000] exit_group(0) = ? [pid 7002] <... futex resumed>) = ? [pid 7002] +++ exited with 0 +++ [pid 7001] <... futex resumed>) = ? [pid 7001] +++ exited with 0 +++ [pid 7000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7000, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./664", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./664/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./664/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.652208][ T7001] loop0: detected capacity change from 0 to 1024 lstat("./664/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./664/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./664/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./664/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./664/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./664") = 0 mkdir("./665", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7003 ./strace-static-x86_64: Process 7003 attached [pid 7003] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7003] chdir("./665") = 0 [pid 7003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7003] setpgid(0, 0) = 0 [pid 7003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7003] write(3, "1000", 4) = 4 [pid 7003] close(3) = 0 [pid 7003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7003] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7003] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7003] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7004 attached , parent_tid=[7004], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7004 [pid 7004] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7004] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7003] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7003] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7004] memfd_create("syzkaller", 0) = 3 [pid 7004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7004] munmap(0x7f5464ee2000, 524288) = 0 [pid 7004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7004] close(3) = 0 [pid 7004] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7004] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7004] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7004] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7004] ioctl(4, LOOP_CLR_FD) = 0 [pid 7004] close(4) = 0 [pid 7004] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7003] <... futex resumed>) = 0 [pid 7004] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7003] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7003] <... futex resumed>) = 0 [pid 7004] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7003] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] <... mknodat resumed>) = 0 [pid 7004] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7003] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7003] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7005 attached , parent_tid=[7005], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7005 [pid 7003] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] set_robust_list(0x7f5464f619e0, 24 [pid 7003] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7005] <... set_robust_list resumed>) = 0 [pid 7005] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7005] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7005] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7005] chdir(".") = 0 [pid 7005] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7003] <... futex resumed>) = 0 [pid 7005] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7003] exit_group(0) = ? [pid 7004] <... futex resumed>) = ? [pid 7004] +++ exited with 0 +++ [pid 7005] <... futex resumed>) = ? [pid 7005] +++ exited with 0 +++ [pid 7003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7003, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./665", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./665/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./665/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./665/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./665/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./665/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./665/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./665/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./665") = 0 mkdir("./666", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 146.761003][ T7004] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7006 ./strace-static-x86_64: Process 7006 attached [pid 7006] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7006] chdir("./666") = 0 [pid 7006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7006] setpgid(0, 0) = 0 [pid 7006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7006] write(3, "1000", 4) = 4 [pid 7006] close(3) = 0 [pid 7006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7006] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7006] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7006] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7007 attached , parent_tid=[7007], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7007 [pid 7007] set_robust_list(0x7f546d3029e0, 24 [pid 7006] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7007] <... set_robust_list resumed>) = 0 [pid 7006] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7007] memfd_create("syzkaller", 0) = 3 [pid 7007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7007] munmap(0x7f5464ee2000, 524288) = 0 [pid 7007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7007] close(3) = 0 [pid 7007] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7007] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7007] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7007] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7007] ioctl(4, LOOP_CLR_FD) = 0 [pid 7007] close(4) = 0 [pid 7007] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7007] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7006] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7006] <... futex resumed>) = 0 [pid 7006] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7007] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7006] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7007] <... mknodat resumed>) = 0 [pid 7006] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7008], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7008 [pid 7006] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7007] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7006] <... futex resumed>) = 0 [pid 7007] <... futex resumed>) = 0 [pid 7006] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7007] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7008 attached [pid 7008] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7008] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7008] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7008] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7008] chdir(".") = 0 [pid 7008] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7008] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7006] exit_group(0 [pid 7008] <... futex resumed>) = ? [pid 7007] <... futex resumed>) = ? [pid 7006] <... exit_group resumed>) = ? [pid 7008] +++ exited with 0 +++ [pid 7007] +++ exited with 0 +++ [pid 7006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7006, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./666", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./666/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./666/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.864639][ T7007] loop0: detected capacity change from 0 to 1024 lstat("./666/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./666/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./666/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./666/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./666/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./666") = 0 mkdir("./667", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7009 ./strace-static-x86_64: Process 7009 attached [pid 7009] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7009] chdir("./667") = 0 [pid 7009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7009] setpgid(0, 0) = 0 [pid 7009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7009] write(3, "1000", 4) = 4 [pid 7009] close(3) = 0 [pid 7009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7009] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7009] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7010 attached [pid 7010] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7010] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... clone resumed>, parent_tid=[7010], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7010 [pid 7009] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7009] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7010] memfd_create("syzkaller", 0) = 3 [pid 7010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7010] munmap(0x7f5464ee2000, 524288) = 0 [pid 7010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7010] close(3) = 0 [pid 7010] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7010] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7010] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7010] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7010] ioctl(4, LOOP_CLR_FD) = 0 [pid 7010] close(4) = 0 [pid 7010] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7009] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7011], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7011 [pid 7009] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7010] <... futex resumed>) = 1 [pid 7010] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7010] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7011 attached ) = 0 [pid 7010] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7011] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7011] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7011] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7011] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7011] chdir(".") = 0 [pid 7011] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] <... futex resumed>) = 0 [pid 7009] exit_group(0) = ? [pid 7011] <... futex resumed>) = ? [pid 7011] +++ exited with 0 +++ [pid 7010] <... futex resumed>) = ? [pid 7010] +++ exited with 0 +++ [pid 7009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7009, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./667", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./667/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./667/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./667/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./667/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./667/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./667/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./667/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./667") = 0 mkdir("./668", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7012 ./strace-static-x86_64: Process 7012 attached [ 146.970280][ T7010] loop0: detected capacity change from 0 to 1024 [pid 7012] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7012] chdir("./668") = 0 [pid 7012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7012] setpgid(0, 0) = 0 [pid 7012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7012] write(3, "1000", 4) = 4 [pid 7012] close(3) = 0 [pid 7012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7012] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7012] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7012] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7013], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7013 ./strace-static-x86_64: Process 7013 attached [pid 7012] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7012] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7013] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7013] memfd_create("syzkaller", 0) = 3 [pid 7013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7013] munmap(0x7f5464ee2000, 524288) = 0 [pid 7013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7013] close(3) = 0 [pid 7013] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7013] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7013] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7013] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7013] ioctl(4, LOOP_CLR_FD) = 0 [pid 7013] close(4) = 0 [pid 7013] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7013] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7012] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7012] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7012] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7012] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7014], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7014 [pid 7013] <... mknodat resumed>) = 0 [pid 7012] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7014 attached [pid 7014] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7012] <... futex resumed>) = 0 [pid 7012] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7014] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7014] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7014] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7014] chdir(".") = 0 [pid 7014] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7014] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7012] exit_group(0 [pid 7013] <... futex resumed>) = ? [pid 7012] <... exit_group resumed>) = ? [pid 7014] <... futex resumed>) = ? [pid 7013] +++ exited with 0 +++ [pid 7014] +++ exited with 0 +++ [pid 7012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7012, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./668", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./668/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./668/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./668/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./668/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./668/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 147.069186][ T7013] loop0: detected capacity change from 0 to 1024 umount2("./668/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./668/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./668") = 0 mkdir("./669", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7015 ./strace-static-x86_64: Process 7015 attached [pid 7015] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7015] chdir("./669") = 0 [pid 7015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7015] setpgid(0, 0) = 0 [pid 7015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7015] write(3, "1000", 4) = 4 [pid 7015] close(3) = 0 [pid 7015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7015] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7015] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7015] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7016], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7016 ./strace-static-x86_64: Process 7016 attached [pid 7016] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7016] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7015] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7015] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7016] memfd_create("syzkaller", 0) = 3 [pid 7016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7016] munmap(0x7f5464ee2000, 524288) = 0 [pid 7016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7016] close(3) = 0 [pid 7016] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7016] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7016] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7016] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7016] ioctl(4, LOOP_CLR_FD) = 0 [pid 7016] close(4) = 0 [pid 7016] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] <... futex resumed>) = 0 [pid 7015] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7015] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7015] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7015] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7017], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7017 [pid 7015] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7015] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7016] <... futex resumed>) = 1 [pid 7016] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7017 attached [pid 7017] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7017] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7017] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7016] <... mknodat resumed>) = 0 [pid 7016] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] <... mount resumed>) = 0 [pid 7017] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7017] chdir(".") = 0 [pid 7017] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7015] <... futex resumed>) = 0 [pid 7015] exit_group(0 [pid 7017] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7015] <... exit_group resumed>) = ? [pid 7017] <... futex resumed>) = ? [pid 7017] +++ exited with 0 +++ [pid 7016] <... futex resumed>) = ? [pid 7016] +++ exited with 0 +++ [pid 7015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7015, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./669", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./669/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./669/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./669/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./669/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./669/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./669/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./669/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 147.178124][ T7016] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./669") = 0 mkdir("./670", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7018 ./strace-static-x86_64: Process 7018 attached [pid 7018] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7018] chdir("./670") = 0 [pid 7018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7018] setpgid(0, 0) = 0 [pid 7018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7018] write(3, "1000", 4) = 4 [pid 7018] close(3) = 0 [pid 7018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7018] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7018] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7018] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7019], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7019 ./strace-static-x86_64: Process 7019 attached [pid 7018] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7018] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7019] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7019] memfd_create("syzkaller", 0) = 3 [pid 7019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7019] munmap(0x7f5464ee2000, 524288) = 0 [pid 7019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7019] close(3) = 0 [pid 7019] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7019] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7019] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7019] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7019] ioctl(4, LOOP_CLR_FD) = 0 [pid 7019] close(4) = 0 [pid 7019] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7019] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7018] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7018] <... futex resumed>) = 0 [pid 7019] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7018] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] <... mknodat resumed>) = 0 [pid 7018] <... futex resumed>) = 0 [pid 7019] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7019] <... futex resumed>) = 0 [pid 7018] <... mmap resumed>) = 0x7f5464f41000 [pid 7019] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7018] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7018] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7020 attached [pid 7020] set_robust_list(0x7f5464f619e0, 24 [pid 7018] <... clone resumed>, parent_tid=[7020], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7020 [pid 7020] <... set_robust_list resumed>) = 0 [pid 7018] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] mkdir(".", 0777 [pid 7018] <... futex resumed>) = 0 [pid 7020] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7018] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7020] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7020] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7020] chdir(".") = 0 [pid 7020] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7020] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7018] exit_group(0 [pid 7020] <... futex resumed>) = ? [pid 7019] <... futex resumed>) = ? [pid 7018] <... exit_group resumed>) = ? [pid 7020] +++ exited with 0 +++ [pid 7019] +++ exited with 0 +++ [pid 7018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7018, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./670", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 147.294983][ T7019] loop0: detected capacity change from 0 to 1024 umount2("./670/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./670/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./670/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./670/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./670/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./670/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./670/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./670") = 0 mkdir("./671", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7021 ./strace-static-x86_64: Process 7021 attached [pid 7021] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7021] chdir("./671") = 0 [pid 7021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7021] setpgid(0, 0) = 0 [pid 7021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7021] write(3, "1000", 4) = 4 [pid 7021] close(3) = 0 [pid 7021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7021] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7021] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7021] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7022 attached [pid 7022] set_robust_list(0x7f546d3029e0, 24 [pid 7021] <... clone resumed>, parent_tid=[7022], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7022 [pid 7022] <... set_robust_list resumed>) = 0 [pid 7022] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7021] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7022] <... futex resumed>) = 0 [pid 7022] memfd_create("syzkaller", 0 [pid 7021] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7022] <... memfd_create resumed>) = 3 [pid 7022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7022] munmap(0x7f5464ee2000, 524288) = 0 [pid 7022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7022] close(3) = 0 [pid 7022] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7022] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7022] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7022] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7022] ioctl(4, LOOP_CLR_FD) = 0 [pid 7022] close(4) = 0 [pid 7022] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7022] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7021] <... futex resumed>) = 0 [pid 7021] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7021] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7021] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7023 attached [pid 7023] set_robust_list(0x7f5464f619e0, 24 [pid 7021] <... clone resumed>, parent_tid=[7023], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7023 [pid 7023] <... set_robust_list resumed>) = 0 [pid 7021] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] mkdir(".", 0777 [pid 7021] <... futex resumed>) = 0 [pid 7023] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7021] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7023] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7022] <... futex resumed>) = 0 [pid 7022] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7023] <... mount resumed>) = 0 [pid 7023] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7023] chdir(".") = 0 [pid 7023] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7023] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7022] <... mknodat resumed>) = 0 [pid 7022] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] exit_group(0 [pid 7023] <... futex resumed>) = ? [pid 7021] <... exit_group resumed>) = ? [pid 7023] +++ exited with 0 +++ [pid 7022] +++ exited with 0 +++ [pid 7021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7021, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./671", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 147.420303][ T7022] loop0: detected capacity change from 0 to 1024 umount2("./671/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./671/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./671/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./671/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./671/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./671/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./671/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./671") = 0 mkdir("./672", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7024 ./strace-static-x86_64: Process 7024 attached [pid 7024] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7024] chdir("./672") = 0 [pid 7024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7024] setpgid(0, 0) = 0 [pid 7024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7024] write(3, "1000", 4) = 4 [pid 7024] close(3) = 0 [pid 7024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7024] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7024] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7024] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7025], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7025 [pid 7024] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7025 attached [pid 7025] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7025] memfd_create("syzkaller", 0) = 3 [pid 7025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7025] munmap(0x7f5464ee2000, 524288) = 0 [pid 7025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7025] close(3) = 0 [pid 7025] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7025] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7025] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7025] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7025] ioctl(4, LOOP_CLR_FD) = 0 [pid 7025] close(4) = 0 [pid 7025] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] <... futex resumed>) = 0 [pid 7024] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7024] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7024] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7026], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7026 [pid 7024] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7025] <... futex resumed>) = 1 [pid 7025] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7026 attached [pid 7026] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7026] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7026] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7025] <... mknodat resumed>) = 0 [pid 7025] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... mount resumed>) = 0 [pid 7026] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7025] <... futex resumed>) = 0 [pid 7026] <... openat resumed>) = 4 [pid 7026] chdir(".") = 0 [pid 7026] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7026] <... futex resumed>) = 1 [pid 7024] <... futex resumed>) = 0 [pid 7026] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7024] exit_group(0 [pid 7026] <... futex resumed>) = ? [pid 7025] <... futex resumed>) = ? [pid 7024] <... exit_group resumed>) = ? [pid 7026] +++ exited with 0 +++ [pid 7025] +++ exited with 0 +++ [pid 7024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7024, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./672", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./672/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./672/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./672/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./672/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 147.545349][ T7025] loop0: detected capacity change from 0 to 1024 rmdir("./672/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./672/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./672/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./672") = 0 mkdir("./673", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7027 ./strace-static-x86_64: Process 7027 attached [pid 7027] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7027] chdir("./673") = 0 [pid 7027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7027] setpgid(0, 0) = 0 [pid 7027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7027] write(3, "1000", 4) = 4 [pid 7027] close(3) = 0 [pid 7027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7027] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7027] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7027] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7028], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7028 [pid 7027] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7028 attached [pid 7028] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7028] memfd_create("syzkaller", 0) = 3 [pid 7028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7028] munmap(0x7f5464ee2000, 524288) = 0 [pid 7028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7028] close(3) = 0 [pid 7028] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7028] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7028] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7028] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7028] ioctl(4, LOOP_CLR_FD) = 0 [pid 7028] close(4) = 0 [pid 7028] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = 0 [pid 7027] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7027] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7027] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7029], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7029 [pid 7027] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7028] <... futex resumed>) = 1 [pid 7028] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7028] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7029 attached [pid 7029] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7029] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7029] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7029] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7029] chdir(".") = 0 [pid 7029] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = 0 [pid 7027] exit_group(0) = ? [pid 7028] <... futex resumed>) = ? [pid 7028] +++ exited with 0 +++ [pid 7029] <... futex resumed>) = ? [pid 7029] +++ exited with 0 +++ [pid 7027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7027, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./673", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./673/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./673/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./673/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./673/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./673/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./673/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./673/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./673") = 0 mkdir("./674", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 147.639236][ T7028] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7030 ./strace-static-x86_64: Process 7030 attached [pid 7030] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7030] chdir("./674") = 0 [pid 7030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7030] setpgid(0, 0) = 0 [pid 7030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7030] write(3, "1000", 4) = 4 [pid 7030] close(3) = 0 [pid 7030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7030] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7030] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7030] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7031], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7031 [pid 7030] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7031 attached [pid 7031] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7031] memfd_create("syzkaller", 0) = 3 [pid 7031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7031] munmap(0x7f5464ee2000, 524288) = 0 [pid 7031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7031] close(3) = 0 [pid 7031] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7031] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7031] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7031] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7031] ioctl(4, LOOP_CLR_FD) = 0 [pid 7031] close(4) = 0 [pid 7031] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = 0 [pid 7030] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7030] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7030] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7032], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7032 [pid 7030] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7031] <... futex resumed>) = 1 [pid 7031] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7031] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7031] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7032 attached [pid 7032] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7032] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7032] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7032] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7032] chdir(".") = 0 [pid 7032] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7030] <... futex resumed>) = 0 [pid 7030] exit_group(0) = ? [pid 7032] <... futex resumed>) = ? [pid 7032] +++ exited with 0 +++ [pid 7031] <... futex resumed>) = ? [pid 7031] +++ exited with 0 +++ [pid 7030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7030, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./674", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 147.755287][ T7031] loop0: detected capacity change from 0 to 1024 umount2("./674/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./674/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./674/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./674/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./674/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./674/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./674/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./674") = 0 mkdir("./675", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7033 ./strace-static-x86_64: Process 7033 attached [pid 7033] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7033] chdir("./675") = 0 [pid 7033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7033] setpgid(0, 0) = 0 [pid 7033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7033] write(3, "1000", 4) = 4 [pid 7033] close(3) = 0 [pid 7033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7033] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7033] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7033] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7034], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7034 [pid 7033] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7034 attached [pid 7034] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7034] memfd_create("syzkaller", 0) = 3 [pid 7034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7034] munmap(0x7f5464ee2000, 524288) = 0 [pid 7034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7034] close(3) = 0 [pid 7034] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7034] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7034] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7034] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7034] ioctl(4, LOOP_CLR_FD) = 0 [pid 7034] close(4) = 0 [pid 7034] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] <... futex resumed>) = 0 [pid 7033] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7033] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7033] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7035], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7035 [pid 7033] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7034] <... futex resumed>) = 1 [pid 7034] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 ./strace-static-x86_64: Process 7035 attached [pid 7034] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7034] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7035] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7035] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7035] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7035] chdir(".") = 0 [pid 7035] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7033] <... futex resumed>) = 0 [pid 7033] exit_group(0) = ? [pid 7034] <... futex resumed>) = ? [pid 7034] +++ exited with 0 +++ [pid 7035] +++ exited with 0 +++ [pid 7033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7033, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./675", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 147.856809][ T7034] loop0: detected capacity change from 0 to 1024 umount2("./675/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./675/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./675/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./675/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./675/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./675/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./675/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./675") = 0 mkdir("./676", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7036 ./strace-static-x86_64: Process 7036 attached [pid 7036] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7036] chdir("./676") = 0 [pid 7036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7036] setpgid(0, 0) = 0 [pid 7036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7036] write(3, "1000", 4) = 4 [pid 7036] close(3) = 0 [pid 7036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7036] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7036] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7036] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7037 attached , parent_tid=[7037], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7037 [pid 7036] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7037] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7037] memfd_create("syzkaller", 0) = 3 [pid 7037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7037] munmap(0x7f5464ee2000, 524288) = 0 [pid 7037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7037] close(3) = 0 [pid 7037] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7037] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7037] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7037] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7037] ioctl(4, LOOP_CLR_FD) = 0 [pid 7037] close(4) = 0 [pid 7037] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] <... futex resumed>) = 0 [pid 7036] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7036] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7036] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7038], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7038 [pid 7036] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7037] <... futex resumed>) = 1 [pid 7037] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7037] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7038 attached [pid 7038] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7038] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7038] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7038] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7038] chdir(".") = 0 [pid 7038] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7036] <... futex resumed>) = 0 [pid 7038] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7036] exit_group(0 [pid 7037] <... futex resumed>) = ? [pid 7036] <... exit_group resumed>) = ? [pid 7037] +++ exited with 0 +++ [pid 7038] <... futex resumed>) = ? [pid 7038] +++ exited with 0 +++ [pid 7036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7036, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./676", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./676/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 147.986147][ T7037] loop0: detected capacity change from 0 to 1024 umount2("./676/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./676/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./676/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./676/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./676/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./676/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./676") = 0 mkdir("./677", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7039 ./strace-static-x86_64: Process 7039 attached [pid 7039] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7039] chdir("./677") = 0 [pid 7039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7039] setpgid(0, 0) = 0 [pid 7039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7039] write(3, "1000", 4) = 4 [pid 7039] close(3) = 0 [pid 7039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7039] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7039] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7039] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7040 attached , parent_tid=[7040], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7040 [pid 7040] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7040] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7039] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] <... futex resumed>) = 0 [pid 7039] <... futex resumed>) = 1 [pid 7039] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7040] memfd_create("syzkaller", 0) = 3 [pid 7040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7040] munmap(0x7f5464ee2000, 524288) = 0 [pid 7040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7040] close(3) = 0 [pid 7040] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7040] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7040] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7040] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7040] ioctl(4, LOOP_CLR_FD) = 0 [pid 7040] close(4) = 0 [pid 7040] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7039] <... futex resumed>) = 0 [pid 7039] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7039] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7039] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7039] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7041], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7041 [pid 7039] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7039] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7040] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7041 attached [pid 7041] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7041] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7041] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7040] <... mknodat resumed>) = 0 [pid 7040] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7040] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] <... mount resumed>) = 0 [pid 7041] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7041] chdir(".") = 0 [pid 7041] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7039] <... futex resumed>) = 0 [pid 7039] exit_group(0) = ? [pid 7040] <... futex resumed>) = ? [pid 7040] +++ exited with 0 +++ [pid 7041] +++ exited with 0 +++ [pid 7039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7039, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./677", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./677/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./677/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./677/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./677/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 148.102735][ T7040] loop0: detected capacity change from 0 to 1024 rmdir("./677/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./677/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./677/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./677") = 0 mkdir("./678", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7042 ./strace-static-x86_64: Process 7042 attached [pid 7042] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7042] chdir("./678") = 0 [pid 7042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7042] setpgid(0, 0) = 0 [pid 7042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7042] write(3, "1000", 4) = 4 [pid 7042] close(3) = 0 [pid 7042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7042] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7042] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7042] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7043 attached , parent_tid=[7043], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7043 [pid 7043] set_robust_list(0x7f546d3029e0, 24 [pid 7042] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7043] <... set_robust_list resumed>) = 0 [pid 7042] <... futex resumed>) = 0 [pid 7042] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7043] memfd_create("syzkaller", 0) = 3 [pid 7043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7043] munmap(0x7f5464ee2000, 524288) = 0 [pid 7043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7043] close(3) = 0 [pid 7043] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7043] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7043] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7043] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7043] ioctl(4, LOOP_CLR_FD) = 0 [pid 7043] close(4) = 0 [pid 7043] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7042] <... futex resumed>) = 0 [pid 7043] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7042] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7042] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7042] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7042] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7044 attached [pid 7044] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7042] <... clone resumed>, parent_tid=[7044], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7044 [pid 7042] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7042] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7044] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7044] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7043] <... mknodat resumed>) = 0 [pid 7043] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7043] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7044] <... mount resumed>) = 0 [pid 7044] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7044] chdir(".") = 0 [pid 7044] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7042] <... futex resumed>) = 0 [pid 7044] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7042] exit_group(0 [pid 7044] <... futex resumed>) = ? [pid 7043] <... futex resumed>) = ? [pid 7042] <... exit_group resumed>) = ? [pid 7044] +++ exited with 0 +++ [pid 7043] +++ exited with 0 +++ [pid 7042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7042, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./678", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 148.210208][ T7043] loop0: detected capacity change from 0 to 1024 umount2("./678/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./678/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./678/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./678/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./678/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./678/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./678/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./678") = 0 mkdir("./679", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7045 attached , child_tidptr=0x5555561b25d0) = 7045 [pid 7045] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7045] chdir("./679") = 0 [pid 7045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7045] setpgid(0, 0) = 0 [pid 7045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7045] write(3, "1000", 4) = 4 [pid 7045] close(3) = 0 [pid 7045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7045] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7045] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7045] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7046 attached , parent_tid=[7046], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7046 [pid 7046] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7046] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7045] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7045] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7046] <... futex resumed>) = 0 [pid 7046] memfd_create("syzkaller", 0) = 3 [pid 7046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7046] munmap(0x7f5464ee2000, 524288) = 0 [pid 7046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7046] close(3) = 0 [pid 7046] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7046] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7046] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7046] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7046] ioctl(4, LOOP_CLR_FD) = 0 [pid 7046] close(4) = 0 [pid 7046] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7046] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7045] <... futex resumed>) = 0 [pid 7045] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7046] <... futex resumed>) = 0 [pid 7046] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7045] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7045] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7045] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7047], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7047 [pid 7045] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7045] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7046] <... mknodat resumed>) = 0 [pid 7046] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7046] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7047 attached [pid 7047] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7047] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7047] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7047] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7047] chdir(".") = 0 [pid 7047] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7047] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7045] <... futex resumed>) = 0 [pid 7045] exit_group(0 [pid 7046] <... futex resumed>) = ? [pid 7045] <... exit_group resumed>) = ? [pid 7046] +++ exited with 0 +++ [pid 7047] <... futex resumed>) = ? [pid 7047] +++ exited with 0 +++ [pid 7045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7045, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./679", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./679/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 148.321844][ T7046] loop0: detected capacity change from 0 to 1024 umount2("./679/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./679/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./679/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./679/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./679/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./679/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./679") = 0 mkdir("./680", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7048 ./strace-static-x86_64: Process 7048 attached [pid 7048] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7048] chdir("./680") = 0 [pid 7048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7048] setpgid(0, 0) = 0 [pid 7048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7048] write(3, "1000", 4) = 4 [pid 7048] close(3) = 0 [pid 7048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7048] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7048] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7048] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7049 attached , parent_tid=[7049], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7049 [pid 7049] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7049] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7048] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7049] <... futex resumed>) = 0 [pid 7048] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7049] memfd_create("syzkaller", 0) = 3 [pid 7049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7049] munmap(0x7f5464ee2000, 524288) = 0 [pid 7049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7049] close(3) = 0 [pid 7049] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7049] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7049] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7049] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7049] ioctl(4, LOOP_CLR_FD) = 0 [pid 7049] close(4) = 0 [pid 7049] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7049] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7048] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7048] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7048] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7050], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7050 [pid 7048] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7050 attached [pid 7050] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7049] <... mknodat resumed>) = 0 [pid 7049] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7050] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7050] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7050] chdir(".") = 0 [pid 7050] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7050] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7048] exit_group(0 [pid 7050] <... futex resumed>) = ? [pid 7049] <... futex resumed>) = ? [pid 7048] <... exit_group resumed>) = ? [pid 7050] +++ exited with 0 +++ [pid 7049] +++ exited with 0 +++ [pid 7048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7048, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./680", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 148.427832][ T7049] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./680/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./680/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./680/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./680") = 0 mkdir("./681", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7051 ./strace-static-x86_64: Process 7051 attached [pid 7051] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7051] chdir("./681") = 0 [pid 7051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7051] setpgid(0, 0) = 0 [pid 7051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7051] write(3, "1000", 4) = 4 [pid 7051] close(3) = 0 [pid 7051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7051] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7051] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7051] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7052], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7052 [pid 7051] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7052 attached [pid 7052] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7052] memfd_create("syzkaller", 0) = 3 [pid 7052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7052] munmap(0x7f5464ee2000, 524288) = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7052] close(3) = 0 [pid 7052] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7052] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7052] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7052] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7052] ioctl(4, LOOP_CLR_FD) = 0 [pid 7052] close(4) = 0 [pid 7052] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7051] <... futex resumed>) = 0 [pid 7051] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7051] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7051] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7053], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7053 [pid 7051] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7052] <... mknodat resumed>) = 0 [pid 7052] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7053 attached [pid 7053] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7053] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7053] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7053] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7053] chdir(".") = 0 [pid 7053] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... futex resumed>) = 0 [pid 7051] exit_group(0) = ? [pid 7052] <... futex resumed>) = ? [pid 7052] +++ exited with 0 +++ [pid 7053] <... futex resumed>) = ? [pid 7053] +++ exited with 0 +++ [pid 7051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7051, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./681", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 148.524863][ T7052] loop0: detected capacity change from 0 to 1024 umount2("./681/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./681/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./681/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./681/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./681/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./681/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./681/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./681") = 0 mkdir("./682", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7054 ./strace-static-x86_64: Process 7054 attached [pid 7054] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7054] chdir("./682") = 0 [pid 7054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7054] setpgid(0, 0) = 0 [pid 7054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7054] write(3, "1000", 4) = 4 [pid 7054] close(3) = 0 [pid 7054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7054] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7054] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7054] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7055], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7055 [pid 7054] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7055 attached [pid 7055] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7055] memfd_create("syzkaller", 0) = 3 [pid 7055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7055] munmap(0x7f5464ee2000, 524288) = 0 [pid 7055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7055] close(3) = 0 [pid 7055] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7055] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7055] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7055] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7055] ioctl(4, LOOP_CLR_FD) = 0 [pid 7055] close(4) = 0 [pid 7055] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7054] <... futex resumed>) = 0 [pid 7054] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7054] <... futex resumed>) = 0 [pid 7054] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7055] <... mknodat resumed>) = 0 [pid 7054] <... mmap resumed>) = 0x7f5464f41000 [pid 7054] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7055] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... mprotect resumed>) = 0 [pid 7054] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7056], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7056 [pid 7054] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7056 attached [pid 7056] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7056] mkdir(".", 0777 [pid 7055] <... futex resumed>) = 0 [pid 7055] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7056] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7056] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7056] chdir(".") = 0 [pid 7056] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7054] <... futex resumed>) = 0 [pid 7056] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7054] exit_group(0) = ? [pid 7055] <... futex resumed>) = ? [pid 7055] +++ exited with 0 +++ [pid 7056] <... futex resumed>) = ? [pid 7056] +++ exited with 0 +++ [pid 7054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7054, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./682", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 148.638023][ T7055] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./682/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./682/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./682/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./682") = 0 mkdir("./683", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7057 ./strace-static-x86_64: Process 7057 attached [pid 7057] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7057] chdir("./683") = 0 [pid 7057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7057] setpgid(0, 0) = 0 [pid 7057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7057] write(3, "1000", 4) = 4 [pid 7057] close(3) = 0 [pid 7057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7057] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7057] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7057] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7058 attached , parent_tid=[7058], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7058 [pid 7058] set_robust_list(0x7f546d3029e0, 24 [pid 7057] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] <... set_robust_list resumed>) = 0 [pid 7057] <... futex resumed>) = 0 [pid 7058] memfd_create("syzkaller", 0 [pid 7057] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7058] <... memfd_create resumed>) = 3 [pid 7058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7058] munmap(0x7f5464ee2000, 524288) = 0 [pid 7058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7058] close(3) = 0 [pid 7058] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7058] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7058] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7058] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7058] ioctl(4, LOOP_CLR_FD) = 0 [pid 7058] close(4) = 0 [pid 7058] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7057] <... futex resumed>) = 0 [pid 7057] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7057] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7057] <... futex resumed>) = 0 [pid 7057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7057] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7057] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7059], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7059 [pid 7057] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7057] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7058] <... mknodat resumed>) = 0 [pid 7058] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7058] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7059 attached [pid 7059] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7059] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7059] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7059] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7059] chdir(".") = 0 [pid 7059] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] <... futex resumed>) = 0 [pid 7057] exit_group(0) = ? [pid 7059] <... futex resumed>) = ? [pid 7059] +++ exited with 0 +++ [pid 7058] <... futex resumed>) = ? [pid 7058] +++ exited with 0 +++ [pid 7057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7057, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./683", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./683/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./683/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./683/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./683/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./683/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./683/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./683/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./683") = 0 mkdir("./684", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 148.745831][ T7058] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7060 ./strace-static-x86_64: Process 7060 attached [pid 7060] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7060] chdir("./684") = 0 [pid 7060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7060] setpgid(0, 0) = 0 [pid 7060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7060] write(3, "1000", 4) = 4 [pid 7060] close(3) = 0 [pid 7060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7060] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7060] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7060] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7061], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7061 [pid 7060] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7061 attached [pid 7061] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7061] memfd_create("syzkaller", 0) = 3 [pid 7061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7061] munmap(0x7f5464ee2000, 524288) = 0 [pid 7061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7061] close(3) = 0 [pid 7061] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7061] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7061] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7061] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7061] ioctl(4, LOOP_CLR_FD) = 0 [pid 7061] close(4) = 0 [pid 7061] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7060] <... futex resumed>) = 0 [pid 7060] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7060] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7060] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7062 attached [pid 7062] set_robust_list(0x7f5464f619e0, 24 [pid 7060] <... clone resumed>, parent_tid=[7062], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7062 [pid 7062] <... set_robust_list resumed>) = 0 [pid 7060] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] mkdir(".", 0777 [pid 7060] <... futex resumed>) = 0 [pid 7062] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7060] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7061] <... futex resumed>) = 1 [pid 7061] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7061] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7061] <... futex resumed>) = 0 [pid 7061] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] <... mount resumed>) = 0 [pid 7062] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7062] chdir(".") = 0 [pid 7062] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] <... futex resumed>) = 0 [pid 7062] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7060] exit_group(0 [pid 7062] <... futex resumed>) = ? [pid 7060] <... exit_group resumed>) = ? [pid 7062] +++ exited with 0 +++ [pid 7061] <... futex resumed>) = ? [pid 7061] +++ exited with 0 +++ [pid 7060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7060, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./684", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./684/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./684/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./684/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./684/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 148.838171][ T7061] loop0: detected capacity change from 0 to 1024 rmdir("./684/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./684/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./684/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./684") = 0 mkdir("./685", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7063 ./strace-static-x86_64: Process 7063 attached [pid 7063] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7063] chdir("./685") = 0 [pid 7063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7063] setpgid(0, 0) = 0 [pid 7063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7063] write(3, "1000", 4) = 4 [pid 7063] close(3) = 0 [pid 7063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7063] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7063] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7063] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7064 attached [pid 7064] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7064] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7063] <... clone resumed>, parent_tid=[7064], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7064 [pid 7063] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7064] <... futex resumed>) = 0 [pid 7063] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] memfd_create("syzkaller", 0) = 3 [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7064] munmap(0x7f5464ee2000, 524288) = 0 [pid 7064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7064] close(3) = 0 [pid 7064] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7064] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7064] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7064] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7064] ioctl(4, LOOP_CLR_FD) = 0 [pid 7064] close(4) = 0 [pid 7064] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7063] <... futex resumed>) = 0 [pid 7063] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7063] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7063] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7065], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7065 [pid 7063] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] <... futex resumed>) = 1 [pid 7064] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7064] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7064] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7065 attached [pid 7065] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7065] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7065] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7065] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7065] chdir(".") = 0 [pid 7065] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7063] <... futex resumed>) = 0 [pid 7063] exit_group(0) = ? [pid 7064] <... futex resumed>) = ? [pid 7064] +++ exited with 0 +++ [pid 7065] +++ exited with 0 +++ [pid 7063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7063, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./685", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./685/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./685/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./685/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./685/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./685/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./685/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./685/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 148.939928][ T7064] loop0: detected capacity change from 0 to 1024 rmdir("./685") = 0 mkdir("./686", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7066 ./strace-static-x86_64: Process 7066 attached [pid 7066] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7066] chdir("./686") = 0 [pid 7066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7066] setpgid(0, 0) = 0 [pid 7066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7066] write(3, "1000", 4) = 4 [pid 7066] close(3) = 0 [pid 7066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7066] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7066] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7066] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7067], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7067 [pid 7066] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7067 attached [pid 7067] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7067] memfd_create("syzkaller", 0) = 3 [pid 7067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7067] munmap(0x7f5464ee2000, 524288) = 0 [pid 7067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7067] close(3) = 0 [pid 7067] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7067] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7067] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7067] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7067] ioctl(4, LOOP_CLR_FD) = 0 [pid 7067] close(4) = 0 [pid 7067] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7066] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7066] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7066] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7068], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7068 [pid 7066] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7067] <... futex resumed>) = 1 [pid 7067] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7067] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7068 attached [pid 7068] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7068] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7068] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7068] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7068] chdir(".") = 0 [pid 7068] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7066] exit_group(0) = ? [pid 7067] <... futex resumed>) = ? [pid 7067] +++ exited with 0 +++ [pid 7068] <... futex resumed>) = ? [pid 7068] +++ exited with 0 +++ [pid 7066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7066, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./686", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./686/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./686/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./686/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./686/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./686/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./686/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./686/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./686") = 0 mkdir("./687", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 149.040781][ T7067] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7069 ./strace-static-x86_64: Process 7069 attached [pid 7069] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7069] chdir("./687") = 0 [pid 7069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7069] setpgid(0, 0) = 0 [pid 7069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7069] write(3, "1000", 4) = 4 [pid 7069] close(3) = 0 [pid 7069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7069] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7069] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7069] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7070], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7070 [pid 7069] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7070 attached [pid 7070] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7070] memfd_create("syzkaller", 0) = 3 [pid 7070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7070] munmap(0x7f5464ee2000, 524288) = 0 [pid 7070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7070] close(3) = 0 [pid 7070] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7070] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7070] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7070] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7070] ioctl(4, LOOP_CLR_FD) = 0 [pid 7070] close(4) = 0 [pid 7070] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] <... futex resumed>) = 0 [pid 7069] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] <... futex resumed>) = 0 [pid 7070] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7069] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7069] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7069] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7071], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7071 [pid 7070] <... mknodat resumed>) = 0 [pid 7070] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7071 attached [pid 7071] set_robust_list(0x7f5464f619e0, 24 [pid 7069] <... futex resumed>) = 0 [pid 7071] <... set_robust_list resumed>) = 0 [pid 7069] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7071] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7071] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7071] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7071] chdir(".") = 0 [pid 7071] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7071] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] exit_group(0) = ? [pid 7070] <... futex resumed>) = ? [pid 7070] +++ exited with 0 +++ [pid 7071] <... futex resumed>) = ? [pid 7071] +++ exited with 0 +++ [pid 7069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7069, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./687", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./687/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./687/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./687/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./687/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./687/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./687/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./687/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./687") = 0 mkdir("./688", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7072 [ 149.153097][ T7070] loop0: detected capacity change from 0 to 1024 ./strace-static-x86_64: Process 7072 attached [pid 7072] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7072] chdir("./688") = 0 [pid 7072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7072] setpgid(0, 0) = 0 [pid 7072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7072] write(3, "1000", 4) = 4 [pid 7072] close(3) = 0 [pid 7072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7072] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7072] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7072] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7073], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7073 [pid 7072] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7073 attached [pid 7073] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7073] memfd_create("syzkaller", 0) = 3 [pid 7073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7073] munmap(0x7f5464ee2000, 524288) = 0 [pid 7073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7073] close(3) = 0 [pid 7073] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7073] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7073] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7073] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7073] ioctl(4, LOOP_CLR_FD) = 0 [pid 7073] close(4) = 0 [pid 7073] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... futex resumed>) = 0 [pid 7072] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7072] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7072] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7074], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7074 [pid 7072] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7074 attached [pid 7074] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7074] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7074] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7073] <... futex resumed>) = 1 [pid 7073] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7074] <... mount resumed>) = 0 [pid 7074] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7074] chdir(".") = 0 [pid 7074] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... futex resumed>) = 0 [pid 7073] <... mknodat resumed>) = 0 [pid 7073] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7074] <... futex resumed>) = 1 [pid 7074] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7072] exit_group(0) = ? [pid 7074] <... futex resumed>) = ? [pid 7074] +++ exited with 0 +++ [pid 7073] <... futex resumed>) = ? [pid 7073] +++ exited with 0 +++ [pid 7072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7072, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./688", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./688/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./688/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./688/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./688/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 149.246933][ T7073] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./688/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./688/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./688/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./688/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./688") = 0 mkdir("./689", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7075 ./strace-static-x86_64: Process 7075 attached [pid 7075] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7075] chdir("./689") = 0 [pid 7075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7075] setpgid(0, 0) = 0 [pid 7075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7075] write(3, "1000", 4) = 4 [pid 7075] close(3) = 0 [pid 7075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7075] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7075] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7075] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7076], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7076 [pid 7075] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7075] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7076 attached [pid 7076] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7076] memfd_create("syzkaller", 0) = 3 [pid 7076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7076] munmap(0x7f5464ee2000, 524288) = 0 [pid 7076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7076] close(3) = 0 [pid 7076] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7076] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7076] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7076] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7076] ioctl(4, LOOP_CLR_FD) = 0 [pid 7076] close(4) = 0 [pid 7076] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7075] <... futex resumed>) = 0 [pid 7075] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... futex resumed>) = 0 [pid 7075] <... futex resumed>) = 1 [pid 7076] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7075] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7075] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7076] <... mknodat resumed>) = 0 [pid 7075] <... mprotect resumed>) = 0 [pid 7076] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7075] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7076] <... futex resumed>) = 0 [pid 7076] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7077 attached [pid 7075] <... clone resumed>, parent_tid=[7077], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7077 [pid 7077] set_robust_list(0x7f5464f619e0, 24 [pid 7075] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] <... set_robust_list resumed>) = 0 [pid 7075] <... futex resumed>) = 0 [pid 7075] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7077] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7077] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7077] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7077] chdir(".") = 0 [pid 7077] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7075] <... futex resumed>) = 0 [pid 7075] exit_group(0) = ? [pid 7076] <... futex resumed>) = ? [pid 7076] +++ exited with 0 +++ [pid 7077] +++ exited with 0 +++ [pid 7075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7075, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./689", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./689/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./689/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 149.361963][ T7076] loop0: detected capacity change from 0 to 1024 lstat("./689/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./689/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./689/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./689/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./689/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./689") = 0 mkdir("./690", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7078 ./strace-static-x86_64: Process 7078 attached [pid 7078] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7078] chdir("./690") = 0 [pid 7078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7078] setpgid(0, 0) = 0 [pid 7078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7078] write(3, "1000", 4) = 4 [pid 7078] close(3) = 0 [pid 7078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7078] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7078] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7078] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7079], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7079 ./strace-static-x86_64: Process 7079 attached [pid 7078] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7079] set_robust_list(0x7f546d3029e0, 24 [pid 7078] <... futex resumed>) = 0 [pid 7078] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7079] <... set_robust_list resumed>) = 0 [pid 7079] memfd_create("syzkaller", 0) = 3 [pid 7079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7079] munmap(0x7f5464ee2000, 524288) = 0 [pid 7079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7079] close(3) = 0 [pid 7079] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7079] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7079] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7079] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7079] ioctl(4, LOOP_CLR_FD) = 0 [pid 7079] close(4) = 0 [pid 7079] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7078] <... futex resumed>) = 0 [pid 7078] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7078] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7078] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7078] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7079] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7078] <... clone resumed>, parent_tid=[7080], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7080 [pid 7078] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7078] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7079] <... mknodat resumed>) = 0 [pid 7079] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7079] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7080 attached [pid 7080] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7080] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7080] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7080] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7080] chdir(".") = 0 [pid 7080] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7078] <... futex resumed>) = 0 [pid 7078] exit_group(0 [pid 7080] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7078] <... exit_group resumed>) = ? [pid 7080] <... futex resumed>) = ? [pid 7079] <... futex resumed>) = ? [pid 7079] +++ exited with 0 +++ [pid 7080] +++ exited with 0 +++ [pid 7078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./690", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 149.475478][ T7079] loop0: detected capacity change from 0 to 1024 umount2("./690/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./690/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./690/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./690/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./690/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./690/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./690/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./690") = 0 mkdir("./691", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7081 ./strace-static-x86_64: Process 7081 attached [pid 7081] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7081] chdir("./691") = 0 [pid 7081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7081] setpgid(0, 0) = 0 [pid 7081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7081] write(3, "1000", 4) = 4 [pid 7081] close(3) = 0 [pid 7081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7081] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7081] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7081] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7082 attached , parent_tid=[7082], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7082 [pid 7082] set_robust_list(0x7f546d3029e0, 24 [pid 7081] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7082] <... set_robust_list resumed>) = 0 [pid 7082] memfd_create("syzkaller", 0) = 3 [pid 7082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7082] munmap(0x7f5464ee2000, 524288) = 0 [pid 7082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7082] close(3) = 0 [pid 7082] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7082] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7082] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7082] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7082] ioctl(4, LOOP_CLR_FD) = 0 [pid 7082] close(4) = 0 [pid 7082] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] <... futex resumed>) = 0 [pid 7082] <... futex resumed>) = 1 [pid 7081] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7081] <... futex resumed>) = 0 [pid 7081] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7081] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7081] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7083 attached , parent_tid=[7083], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7083 [pid 7083] set_robust_list(0x7f5464f619e0, 24 [pid 7081] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] <... set_robust_list resumed>) = 0 [pid 7081] <... futex resumed>) = 0 [pid 7083] mkdir(".", 0777 [pid 7081] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7083] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7083] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7082] <... mknodat resumed>) = 0 [pid 7083] <... mount resumed>) = 0 [pid 7082] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7082] <... futex resumed>) = 0 [pid 7083] chdir("." [pid 7082] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] <... chdir resumed>) = 0 [pid 7083] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7083] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7081] <... futex resumed>) = 0 [pid 7081] exit_group(0 [pid 7083] <... futex resumed>) = ? [pid 7082] <... futex resumed>) = ? [pid 7081] <... exit_group resumed>) = ? [pid 7083] +++ exited with 0 +++ [pid 7082] +++ exited with 0 +++ [pid 7081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7081, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./691", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./691/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 149.594862][ T7082] loop0: detected capacity change from 0 to 1024 umount2("./691/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./691/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./691/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./691/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./691/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./691/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./691") = 0 mkdir("./692", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7084 ./strace-static-x86_64: Process 7084 attached [pid 7084] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7084] chdir("./692") = 0 [pid 7084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7084] setpgid(0, 0) = 0 [pid 7084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7084] write(3, "1000", 4) = 4 [pid 7084] close(3) = 0 [pid 7084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7084] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7084] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7084] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7085 attached , parent_tid=[7085], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7085 [pid 7084] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7085] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7085] memfd_create("syzkaller", 0) = 3 [pid 7085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7085] munmap(0x7f5464ee2000, 524288) = 0 [pid 7085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7085] close(3) = 0 [pid 7085] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7085] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7085] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7085] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7085] ioctl(4, LOOP_CLR_FD) = 0 [pid 7085] close(4) = 0 [pid 7085] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7084] <... futex resumed>) = 0 [pid 7085] <... futex resumed>) = 1 [pid 7084] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7085] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7084] <... mmap resumed>) = 0x7f5464f41000 [pid 7084] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7084] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7086 attached , parent_tid=[7086], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7086 [pid 7084] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7086] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7085] <... mknodat resumed>) = 0 [pid 7086] mkdir(".", 0777 [pid 7085] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7086] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7086] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7086] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7086] chdir(".") = 0 [pid 7086] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7086] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7084] exit_group(0 [pid 7086] <... futex resumed>) = ? [pid 7084] <... exit_group resumed>) = ? [pid 7086] +++ exited with 0 +++ [pid 7085] <... futex resumed>) = ? [pid 7085] +++ exited with 0 +++ [pid 7084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7084, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./692", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 149.712775][ T7085] loop0: detected capacity change from 0 to 1024 umount2("./692/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./692/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./692/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./692/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./692/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./692/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./692/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./692") = 0 mkdir("./693", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7087 ./strace-static-x86_64: Process 7087 attached [pid 7087] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7087] chdir("./693") = 0 [pid 7087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7087] setpgid(0, 0) = 0 [pid 7087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7087] write(3, "1000", 4) = 4 [pid 7087] close(3) = 0 [pid 7087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7087] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7087] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7087] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7088], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7088 ./strace-static-x86_64: Process 7088 attached [pid 7088] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7088] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7087] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7088] <... futex resumed>) = 0 [pid 7087] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7088] memfd_create("syzkaller", 0) = 3 [pid 7088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7088] munmap(0x7f5464ee2000, 524288) = 0 [pid 7088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7088] close(3) = 0 [pid 7088] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7088] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7088] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7088] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7088] ioctl(4, LOOP_CLR_FD) = 0 [pid 7088] close(4) = 0 [pid 7088] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] <... futex resumed>) = 0 [pid 7087] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7087] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7087] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7087] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7089], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7089 [pid 7087] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7087] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7088] <... futex resumed>) = 1 [pid 7088] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7088] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7088] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7089 attached [pid 7089] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7089] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7089] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7089] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7089] chdir(".") = 0 [pid 7089] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] <... futex resumed>) = 0 [pid 7087] exit_group(0) = ? [pid 7088] <... futex resumed>) = ? [pid 7088] +++ exited with 0 +++ [pid 7089] <... futex resumed>) = ? [pid 7089] +++ exited with 0 +++ [pid 7087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7087, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./693", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./693/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./693/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./693/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./693/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 149.822857][ T7088] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./693/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./693/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./693/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./693") = 0 mkdir("./694", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7090 ./strace-static-x86_64: Process 7090 attached [pid 7090] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7090] chdir("./694") = 0 [pid 7090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7090] setpgid(0, 0) = 0 [pid 7090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7090] write(3, "1000", 4) = 4 [pid 7090] close(3) = 0 [pid 7090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7090] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7090] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7090] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7091], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7091 [pid 7090] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7091 attached [pid 7091] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7091] memfd_create("syzkaller", 0) = 3 [pid 7091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7091] munmap(0x7f5464ee2000, 524288) = 0 [pid 7091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7091] close(3) = 0 [pid 7091] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7091] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7091] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7091] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7091] ioctl(4, LOOP_CLR_FD) = 0 [pid 7091] close(4) = 0 [pid 7091] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... futex resumed>) = 0 [pid 7090] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7090] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7090] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7092 attached , parent_tid=[7092], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7092 [pid 7090] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7091] <... futex resumed>) = 1 [pid 7091] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7092] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7092] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7092] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7091] <... mknodat resumed>) = 0 [pid 7091] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7092] <... mount resumed>) = 0 [pid 7092] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7092] chdir(".") = 0 [pid 7092] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... futex resumed>) = 0 [pid 7090] exit_group(0) = ? [pid 7091] <... futex resumed>) = ? [pid 7091] +++ exited with 0 +++ [pid 7092] <... futex resumed>) = ? [pid 7092] +++ exited with 0 +++ [pid 7090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7090, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./694", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 149.920328][ T7091] loop0: detected capacity change from 0 to 1024 umount2("./694/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./694/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./694/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./694/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./694/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./694/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./694/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./694") = 0 mkdir("./695", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7093 ./strace-static-x86_64: Process 7093 attached [pid 7093] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7093] chdir("./695") = 0 [pid 7093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7093] setpgid(0, 0) = 0 [pid 7093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7093] write(3, "1000", 4) = 4 [pid 7093] close(3) = 0 [pid 7093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7093] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7093] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7093] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7094], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7094 [pid 7093] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7094 attached [pid 7094] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7094] memfd_create("syzkaller", 0) = 3 [pid 7094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7094] munmap(0x7f5464ee2000, 524288) = 0 [pid 7094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7094] close(3) = 0 [pid 7094] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7094] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7094] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7094] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7094] ioctl(4, LOOP_CLR_FD) = 0 [pid 7094] close(4) = 0 [pid 7094] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] <... futex resumed>) = 0 [pid 7093] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7093] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7093] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7095], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7095 [pid 7093] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7094] <... futex resumed>) = 1 [pid 7094] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7094] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7094] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7095 attached [pid 7095] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7095] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7095] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7095] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7095] chdir(".") = 0 [pid 7095] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] <... futex resumed>) = 0 [pid 7093] exit_group(0) = ? [pid 7094] <... futex resumed>) = ? [pid 7094] +++ exited with 0 +++ [pid 7095] <... futex resumed>) = ? [pid 7095] +++ exited with 0 +++ [pid 7093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7093, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./695", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./695/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./695/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./695/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./695/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./695/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./695/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./695/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./695") = 0 mkdir("./696", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 150.012858][ T7094] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7096 ./strace-static-x86_64: Process 7096 attached [pid 7096] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7096] chdir("./696") = 0 [pid 7096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7096] setpgid(0, 0) = 0 [pid 7096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7096] write(3, "1000", 4) = 4 [pid 7096] close(3) = 0 [pid 7096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7096] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7096] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7096] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7097], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7097 [pid 7096] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7097 attached [pid 7097] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7097] memfd_create("syzkaller", 0) = 3 [pid 7097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7097] munmap(0x7f5464ee2000, 524288) = 0 [pid 7097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7097] close(3) = 0 [pid 7097] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7097] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7097] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7097] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7097] ioctl(4, LOOP_CLR_FD) = 0 [pid 7097] close(4) = 0 [pid 7097] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7096] <... futex resumed>) = 0 [pid 7096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7096] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7096] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7098 attached [pid 7098] set_robust_list(0x7f5464f619e0, 24 [pid 7096] <... clone resumed>, parent_tid=[7098], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7098 [pid 7098] <... set_robust_list resumed>) = 0 [pid 7098] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7096] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7098] <... futex resumed>) = 0 [pid 7096] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7098] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7098] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7097] <... mknodat resumed>) = 0 [pid 7097] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7098] <... mount resumed>) = 0 [pid 7098] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7098] chdir(".") = 0 [pid 7098] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] <... futex resumed>) = 0 [pid 7096] exit_group(0 [pid 7097] <... futex resumed>) = ? [pid 7096] <... exit_group resumed>) = ? [pid 7097] +++ exited with 0 +++ [pid 7098] +++ exited with 0 +++ [pid 7096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7096, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./696", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 150.110633][ T7097] loop0: detected capacity change from 0 to 1024 umount2("./696/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./696/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./696/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./696/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./696/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./696/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./696/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./696") = 0 mkdir("./697", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7099 ./strace-static-x86_64: Process 7099 attached [pid 7099] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7099] chdir("./697") = 0 [pid 7099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7099] setpgid(0, 0) = 0 [pid 7099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7099] write(3, "1000", 4) = 4 [pid 7099] close(3) = 0 [pid 7099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7099] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7099] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7099] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7100 attached , parent_tid=[7100], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7100 [pid 7100] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7099] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7100] memfd_create("syzkaller", 0) = 3 [pid 7100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7100] munmap(0x7f5464ee2000, 524288) = 0 [pid 7100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7100] close(3) = 0 [pid 7100] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7100] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7100] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7100] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7100] ioctl(4, LOOP_CLR_FD) = 0 [pid 7100] close(4) = 0 [pid 7100] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7099] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7100] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7099] <... mmap resumed>) = 0x7f5464f41000 [pid 7099] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7099] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7101], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7101 [pid 7099] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7100] <... mknodat resumed>) = 0 [pid 7100] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7101 attached [pid 7101] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7101] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7101] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7101] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7101] chdir(".") = 0 [pid 7101] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] <... futex resumed>) = 0 [pid 7099] exit_group(0) = ? [pid 7101] <... futex resumed>) = ? [pid 7100] <... futex resumed>) = ? [pid 7101] +++ exited with 0 +++ [pid 7100] +++ exited with 0 +++ [pid 7099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7099, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./697", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./697/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./697/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./697/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./697/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./697/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./697/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./697/binderfs") = 0 [ 150.228140][ T7100] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./697") = 0 mkdir("./698", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7102 ./strace-static-x86_64: Process 7102 attached [pid 7102] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7102] chdir("./698") = 0 [pid 7102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7102] setpgid(0, 0) = 0 [pid 7102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7102] write(3, "1000", 4) = 4 [pid 7102] close(3) = 0 [pid 7102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7102] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7102] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7102] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7103], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7103 [pid 7102] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7102] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7103 attached [pid 7103] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7103] memfd_create("syzkaller", 0) = 3 [pid 7103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7103] munmap(0x7f5464ee2000, 524288) = 0 [pid 7103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7103] close(3) = 0 [pid 7103] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7103] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7103] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7103] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7103] ioctl(4, LOOP_CLR_FD) = 0 [pid 7103] close(4) = 0 [pid 7103] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7102] <... futex resumed>) = 0 [pid 7102] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7102] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7102] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7102] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7104], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7104 [pid 7102] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7102] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7103] <... futex resumed>) = 1 [pid 7103] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7103] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7104 attached [pid 7104] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7104] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7104] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7104] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7104] chdir(".") = 0 [pid 7104] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7102] <... futex resumed>) = 0 [pid 7102] exit_group(0) = ? [pid 7103] <... futex resumed>) = ? [pid 7103] +++ exited with 0 +++ [pid 7104] +++ exited with 0 +++ [pid 7102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7102, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./698", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./698/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 150.324167][ T7103] loop0: detected capacity change from 0 to 1024 umount2("./698/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./698/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./698/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./698/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./698/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./698/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./698/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./698") = 0 mkdir("./699", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7105 ./strace-static-x86_64: Process 7105 attached [pid 7105] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7105] chdir("./699") = 0 [pid 7105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7105] setpgid(0, 0) = 0 [pid 7105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7105] write(3, "1000", 4) = 4 [pid 7105] close(3) = 0 [pid 7105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7105] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7105] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7105] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7106 attached , parent_tid=[7106], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7106 [pid 7106] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7106] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7105] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7106] <... futex resumed>) = 0 [pid 7105] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7106] memfd_create("syzkaller", 0) = 3 [pid 7106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7106] munmap(0x7f5464ee2000, 524288) = 0 [pid 7106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7106] close(3) = 0 [pid 7106] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7106] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7106] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7106] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7106] ioctl(4, LOOP_CLR_FD) = 0 [pid 7106] close(4) = 0 [pid 7106] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... futex resumed>) = 0 [pid 7105] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7105] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7105] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7107], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7107 [pid 7105] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7106] <... futex resumed>) = 1 [pid 7106] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7107 attached [pid 7107] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7107] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7107] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7106] <... mknodat resumed>) = 0 [pid 7106] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7106] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7107] <... mount resumed>) = 0 [pid 7107] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7107] chdir(".") = 0 [pid 7107] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7105] <... futex resumed>) = 0 [pid 7107] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7105] exit_group(0) = ? [pid 7107] <... futex resumed>) = ? [pid 7107] +++ exited with 0 +++ [pid 7106] <... futex resumed>) = ? [pid 7106] +++ exited with 0 +++ [pid 7105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7105, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./699", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./699/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./699/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./699/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./699/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./699/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./699/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.440107][ T7106] loop0: detected capacity change from 0 to 1024 lstat("./699/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./699/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./699") = 0 mkdir("./700", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7108 ./strace-static-x86_64: Process 7108 attached [pid 7108] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7108] chdir("./700") = 0 [pid 7108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7108] setpgid(0, 0) = 0 [pid 7108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7108] write(3, "1000", 4) = 4 [pid 7108] close(3) = 0 [pid 7108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7108] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7108] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7108] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7109], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7109 [pid 7108] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7109 attached [pid 7109] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7109] memfd_create("syzkaller", 0) = 3 [pid 7109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7109] munmap(0x7f5464ee2000, 524288) = 0 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7109] close(3) = 0 [pid 7109] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7109] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7109] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7109] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7109] ioctl(4, LOOP_CLR_FD) = 0 [pid 7109] close(4) = 0 [pid 7109] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7108] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7108] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7108] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7108] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7110], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7110 [pid 7108] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7109] <... mknodat resumed>) = 0 [pid 7109] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7110 attached [pid 7110] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7110] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7110] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7110] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7110] chdir(".") = 0 [pid 7110] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7110] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] <... futex resumed>) = 0 [pid 7108] exit_group(0 [pid 7109] <... futex resumed>) = ? [pid 7108] <... exit_group resumed>) = ? [pid 7109] +++ exited with 0 +++ [pid 7110] <... futex resumed>) = ? [pid 7110] +++ exited with 0 +++ [pid 7108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./700", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 150.537640][ T7109] loop0: detected capacity change from 0 to 1024 umount2("./700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./700/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./700/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./700/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./700") = 0 mkdir("./701", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7111 ./strace-static-x86_64: Process 7111 attached [pid 7111] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7111] chdir("./701") = 0 [pid 7111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7111] setpgid(0, 0) = 0 [pid 7111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7111] write(3, "1000", 4) = 4 [pid 7111] close(3) = 0 [pid 7111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7111] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7111] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7111] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7112], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7112 [pid 7111] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7111] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7112 attached [pid 7112] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7112] memfd_create("syzkaller", 0) = 3 [pid 7112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7112] munmap(0x7f5464ee2000, 524288) = 0 [pid 7112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7112] close(3) = 0 [pid 7112] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7112] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7112] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7112] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7112] ioctl(4, LOOP_CLR_FD) = 0 [pid 7112] close(4) = 0 [pid 7112] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7112] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7111] <... futex resumed>) = 0 [pid 7111] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7111] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7111] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7111] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7113], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7113 [pid 7111] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7111] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7112] <... futex resumed>) = 0 [pid 7112] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7113 attached [pid 7113] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7113] mkdir(".", 0777 [pid 7112] <... mknodat resumed>) = 0 [pid 7112] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7113] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7113] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7112] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7113] <... mount resumed>) = 0 [pid 7113] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7113] chdir(".") = 0 [pid 7113] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7111] <... futex resumed>) = 0 [pid 7111] exit_group(0 [pid 7112] <... futex resumed>) = ? [pid 7111] <... exit_group resumed>) = ? [pid 7112] +++ exited with 0 +++ [pid 7113] +++ exited with 0 +++ [pid 7111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7111, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./701", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./701/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./701/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./701/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./701/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 150.648501][ T7112] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./701/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./701/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./701/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./701/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./701") = 0 mkdir("./702", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7114 attached , child_tidptr=0x5555561b25d0) = 7114 [pid 7114] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7114] chdir("./702") = 0 [pid 7114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7114] setpgid(0, 0) = 0 [pid 7114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7114] write(3, "1000", 4) = 4 [pid 7114] close(3) = 0 [pid 7114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7114] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7114] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7114] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7115 attached , parent_tid=[7115], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7115 [pid 7114] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7115] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7115] memfd_create("syzkaller", 0) = 3 [pid 7115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7115] munmap(0x7f5464ee2000, 524288) = 0 [pid 7115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7115] close(3) = 0 [pid 7115] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7115] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7115] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7115] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7115] ioctl(4, LOOP_CLR_FD) = 0 [pid 7115] close(4) = 0 [pid 7115] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7114] <... futex resumed>) = 0 [pid 7114] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7115] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7114] <... mmap resumed>) = 0x7f5464f41000 [pid 7114] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7114] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7116], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7116 [pid 7114] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7115] <... mknodat resumed>) = 0 [pid 7115] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7115] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7116 attached [pid 7116] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7116] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7116] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7116] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7116] chdir(".") = 0 [pid 7116] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7114] <... futex resumed>) = 0 [pid 7116] <... futex resumed>) = 1 [pid 7116] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7114] exit_group(0 [pid 7116] <... futex resumed>) = ? [pid 7114] <... exit_group resumed>) = ? [pid 7115] <... futex resumed>) = ? [pid 7116] +++ exited with 0 +++ [pid 7115] +++ exited with 0 +++ [pid 7114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7114, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./702", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./702/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./702/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.759963][ T7115] loop0: detected capacity change from 0 to 1024 lstat("./702/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./702/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./702/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./702/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./702/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./702/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./702") = 0 mkdir("./703", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7117 ./strace-static-x86_64: Process 7117 attached [pid 7117] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7117] chdir("./703") = 0 [pid 7117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7117] setpgid(0, 0) = 0 [pid 7117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7117] write(3, "1000", 4) = 4 [pid 7117] close(3) = 0 [pid 7117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7117] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7117] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7117] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7118], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7118 [pid 7117] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7117] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7118 attached [pid 7118] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7118] memfd_create("syzkaller", 0) = 3 [pid 7118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7118] munmap(0x7f5464ee2000, 524288) = 0 [pid 7118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7118] close(3) = 0 [pid 7118] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7118] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7118] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7118] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7118] ioctl(4, LOOP_CLR_FD) = 0 [pid 7118] close(4) = 0 [pid 7118] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] <... futex resumed>) = 0 [pid 7117] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7117] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7117] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7117] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7119], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7119 [pid 7118] <... futex resumed>) = 1 [pid 7117] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7117] <... futex resumed>) = 0 [pid 7117] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7119 attached [pid 7119] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7119] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7119] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7118] <... mknodat resumed>) = 0 [pid 7118] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7118] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7119] <... mount resumed>) = 0 [pid 7119] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7119] chdir(".") = 0 [pid 7119] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7117] <... futex resumed>) = 0 [pid 7119] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7117] exit_group(0) = ? [pid 7118] <... futex resumed>) = ? [pid 7118] +++ exited with 0 +++ [pid 7119] <... futex resumed>) = ? [pid 7119] +++ exited with 0 +++ [pid 7117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./703", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./703/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./703/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.863928][ T7118] loop0: detected capacity change from 0 to 1024 lstat("./703/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./703/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./703/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./703/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./703/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./703/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./703") = 0 mkdir("./704", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7120 attached , child_tidptr=0x5555561b25d0) = 7120 [pid 7120] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7120] chdir("./704") = 0 [pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7120] setpgid(0, 0) = 0 [pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7120] write(3, "1000", 4) = 4 [pid 7120] close(3) = 0 [pid 7120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7120] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7120] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7120] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7121 attached , parent_tid=[7121], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7121 [pid 7120] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7121] memfd_create("syzkaller", 0) = 3 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7121] munmap(0x7f5464ee2000, 524288) = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7121] close(3) = 0 [pid 7121] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7121] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7121] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7121] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7121] ioctl(4, LOOP_CLR_FD) = 0 [pid 7121] close(4) = 0 [pid 7121] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7121] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7120] <... mmap resumed>) = 0x7f5464f41000 [pid 7120] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7120] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7122], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7122 [pid 7120] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7122 attached [pid 7122] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7122] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7122] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7121] <... mknodat resumed>) = 0 [pid 7121] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7122] <... mount resumed>) = 0 [pid 7122] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7122] chdir(".") = 0 [pid 7122] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7122] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] <... futex resumed>) = 0 [pid 7120] exit_group(0) = ? [pid 7122] <... futex resumed>) = ? [pid 7122] +++ exited with 0 +++ [pid 7121] <... futex resumed>) = ? [pid 7121] +++ exited with 0 +++ [pid 7120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7120, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./704", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.991376][ T7121] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./704", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./704/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./704/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./704/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./704/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./704/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./704/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./704/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./704/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./704/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./704") = 0 mkdir("./705", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7123 ./strace-static-x86_64: Process 7123 attached [pid 7123] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7123] chdir("./705") = 0 [pid 7123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7123] setpgid(0, 0) = 0 [pid 7123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7123] write(3, "1000", 4) = 4 [pid 7123] close(3) = 0 [pid 7123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7123] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7123] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7123] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7124], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7124 [pid 7123] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7124 attached [pid 7124] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7124] memfd_create("syzkaller", 0) = 3 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7124] munmap(0x7f5464ee2000, 524288) = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7124] close(3) = 0 [pid 7124] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7124] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7124] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7124] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7124] ioctl(4, LOOP_CLR_FD) = 0 [pid 7124] close(4) = 0 [pid 7124] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7123] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7124] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7123] <... mmap resumed>) = 0x7f5464f41000 [pid 7123] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7123] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7125], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7125 [pid 7123] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7125 attached [pid 7125] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7125] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7125] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7124] <... mknodat resumed>) = 0 [pid 7125] <... mount resumed>) = 0 [pid 7125] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7124] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] chdir(".") = 0 [pid 7125] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7123] <... futex resumed>) = 0 [pid 7123] exit_group(0) = ? [pid 7125] <... futex resumed>) = ? [pid 7125] +++ exited with 0 +++ [pid 7124] <... futex resumed>) = ? [pid 7124] +++ exited with 0 +++ [pid 7123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7123, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./705", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./705/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./705/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./705/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./705/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 151.110580][ T7124] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./705/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./705/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./705/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./705/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./705") = 0 mkdir("./706", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7126 ./strace-static-x86_64: Process 7126 attached [pid 7126] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7126] chdir("./706") = 0 [pid 7126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7126] setpgid(0, 0) = 0 [pid 7126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7126] write(3, "1000", 4) = 4 [pid 7126] close(3) = 0 [pid 7126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7126] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7126] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7126] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7127 attached [pid 7127] set_robust_list(0x7f546d3029e0, 24 [pid 7126] <... clone resumed>, parent_tid=[7127], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7127 [pid 7126] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7127] <... set_robust_list resumed>) = 0 [pid 7127] memfd_create("syzkaller", 0) = 3 [pid 7127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7127] munmap(0x7f5464ee2000, 524288) = 0 [pid 7127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7127] close(3) = 0 [pid 7127] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7127] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7127] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7127] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7127] ioctl(4, LOOP_CLR_FD) = 0 [pid 7127] close(4) = 0 [pid 7127] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... futex resumed>) = 0 [pid 7126] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7126] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7126] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7128], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7128 [pid 7126] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7127] <... futex resumed>) = 1 [pid 7127] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7128 attached [pid 7128] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7128] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7128] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7127] <... mknodat resumed>) = 0 [pid 7127] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7127] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7128] <... mount resumed>) = 0 [pid 7128] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7128] chdir(".") = 0 [pid 7128] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7128] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7126] exit_group(0 [pid 7128] <... futex resumed>) = ? [pid 7126] <... exit_group resumed>) = ? [pid 7128] +++ exited with 0 +++ [pid 7127] <... futex resumed>) = ? [pid 7127] +++ exited with 0 +++ [pid 7126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7126, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./706", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./706", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./706/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./706/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./706/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./706/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.243564][ T7127] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./706/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./706/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./706/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./706/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./706/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./706") = 0 mkdir("./707", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7129 ./strace-static-x86_64: Process 7129 attached [pid 7129] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7129] chdir("./707") = 0 [pid 7129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7129] setpgid(0, 0) = 0 [pid 7129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7129] write(3, "1000", 4) = 4 [pid 7129] close(3) = 0 [pid 7129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7129] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7129] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7129] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7130 attached , parent_tid=[7130], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7130 [pid 7129] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7130] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7130] memfd_create("syzkaller", 0) = 3 [pid 7130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7130] munmap(0x7f5464ee2000, 524288) = 0 [pid 7130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7130] close(3) = 0 [pid 7130] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7130] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7130] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7130] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7130] ioctl(4, LOOP_CLR_FD) = 0 [pid 7130] close(4) = 0 [pid 7130] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7130] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] <... futex resumed>) = 0 [pid 7129] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7130] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7129] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7130] <... mknodat resumed>) = 0 [pid 7129] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7130] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7130] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] <... mprotect resumed>) = 0 [pid 7129] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7131 attached , parent_tid=[7131], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7131 [pid 7131] set_robust_list(0x7f5464f619e0, 24 [pid 7129] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7131] <... set_robust_list resumed>) = 0 [pid 7129] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7131] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7131] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7131] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7131] chdir(".") = 0 [pid 7131] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7131] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] exit_group(0 [pid 7130] <... futex resumed>) = ? [pid 7129] <... exit_group resumed>) = ? [pid 7130] +++ exited with 0 +++ [pid 7131] <... futex resumed>) = ? [pid 7131] +++ exited with 0 +++ [pid 7129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7129, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./707", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 151.349806][ T7130] loop0: detected capacity change from 0 to 1024 umount2("./707/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./707/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./707/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./707/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./707/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./707/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./707/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./707/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./707") = 0 mkdir("./708", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7132 ./strace-static-x86_64: Process 7132 attached [pid 7132] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7132] chdir("./708") = 0 [pid 7132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7132] setpgid(0, 0) = 0 [pid 7132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7132] write(3, "1000", 4) = 4 [pid 7132] close(3) = 0 [pid 7132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7132] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7132] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7132] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7133], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7133 [pid 7132] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7133 attached [pid 7133] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7133] memfd_create("syzkaller", 0) = 3 [pid 7133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7133] munmap(0x7f5464ee2000, 524288) = 0 [pid 7133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7133] close(3) = 0 [pid 7133] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7133] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7133] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7133] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7133] ioctl(4, LOOP_CLR_FD) = 0 [pid 7133] close(4) = 0 [pid 7133] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... futex resumed>) = 0 [pid 7133] <... futex resumed>) = 1 [pid 7132] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7132] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7132] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7134], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7134 [pid 7132] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7133] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7134 attached ) = 0 [pid 7133] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7134] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7134] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7134] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7134] chdir(".") = 0 [pid 7134] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] <... futex resumed>) = 0 [pid 7134] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7132] exit_group(0 [pid 7134] <... futex resumed>) = ? [pid 7132] <... exit_group resumed>) = ? [pid 7134] +++ exited with 0 +++ [pid 7133] <... futex resumed>) = ? [pid 7133] +++ exited with 0 +++ [pid 7132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7132, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./708", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./708/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./708/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./708/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 151.465514][ T7133] loop0: detected capacity change from 0 to 1024 umount2("./708/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./708/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./708/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./708/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./708/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./708") = 0 mkdir("./709", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7135 ./strace-static-x86_64: Process 7135 attached [pid 7135] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7135] chdir("./709") = 0 [pid 7135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7135] setpgid(0, 0) = 0 [pid 7135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7135] write(3, "1000", 4) = 4 [pid 7135] close(3) = 0 [pid 7135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7135] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7135] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7135] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7136], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7136 ./strace-static-x86_64: Process 7136 attached [pid 7135] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7135] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7136] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7136] memfd_create("syzkaller", 0) = 3 [pid 7136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7136] munmap(0x7f5464ee2000, 524288) = 0 [pid 7136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7136] close(3) = 0 [pid 7136] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7136] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7136] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7136] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7136] ioctl(4, LOOP_CLR_FD) = 0 [pid 7136] close(4) = 0 [pid 7136] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7136] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7135] <... futex resumed>) = 0 [pid 7135] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7136] <... futex resumed>) = 0 [pid 7135] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7135] <... futex resumed>) = 0 [pid 7135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7135] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7136] <... mknodat resumed>) = 0 [pid 7135] <... mprotect resumed>) = 0 [pid 7136] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7137 attached [pid 7135] <... clone resumed>, parent_tid=[7137], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7137 [pid 7135] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] set_robust_list(0x7f5464f619e0, 24 [pid 7135] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7137] <... set_robust_list resumed>) = 0 [pid 7137] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7137] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7137] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7137] chdir(".") = 0 [pid 7137] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7135] <... futex resumed>) = 0 [pid 7135] exit_group(0 [pid 7136] <... futex resumed>) = ? [pid 7135] <... exit_group resumed>) = ? [pid 7136] +++ exited with 0 +++ [pid 7137] <... futex resumed>) = ? [pid 7137] +++ exited with 0 +++ [pid 7135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7135, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./709", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./709/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./709/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./709/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./709") = 0 mkdir("./710", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 151.571432][ T7136] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7138 ./strace-static-x86_64: Process 7138 attached [pid 7138] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7138] chdir("./710") = 0 [pid 7138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7138] setpgid(0, 0) = 0 [pid 7138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7138] write(3, "1000", 4) = 4 [pid 7138] close(3) = 0 [pid 7138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7138] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7138] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7138] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7139], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7139 [pid 7138] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7138] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7139 attached [pid 7139] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7139] memfd_create("syzkaller", 0) = 3 [pid 7139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7139] munmap(0x7f5464ee2000, 524288) = 0 [pid 7139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7139] close(3) = 0 [pid 7139] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7139] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7139] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7139] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7139] ioctl(4, LOOP_CLR_FD) = 0 [pid 7139] close(4) = 0 [pid 7139] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7138] <... futex resumed>) = 0 [pid 7139] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7138] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7138] <... futex resumed>) = 0 [pid 7139] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7138] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7138] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7139] <... mknodat resumed>) = 0 [pid 7138] <... mprotect resumed>) = 0 [pid 7139] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7139] <... futex resumed>) = 0 [pid 7139] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7138] <... clone resumed>, parent_tid=[7140], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7140 [pid 7138] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7138] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7140 attached [pid 7140] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7140] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7140] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7140] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7140] chdir(".") = 0 [pid 7140] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7138] <... futex resumed>) = 0 [pid 7140] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7138] exit_group(0 [pid 7140] <... futex resumed>) = ? [pid 7139] <... futex resumed>) = ? [pid 7138] <... exit_group resumed>) = ? [pid 7139] +++ exited with 0 +++ [pid 7140] +++ exited with 0 +++ [pid 7138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7138, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./710", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 151.660070][ T7139] loop0: detected capacity change from 0 to 1024 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./710/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./710/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./710/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./710/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./710/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./710/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./710/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./710/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./710") = 0 mkdir("./711", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7141 attached [pid 7141] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7141] chdir("./711") = 0 [pid 7141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7141] setpgid(0, 0) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7141 [pid 7141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7141] write(3, "1000", 4) = 4 [pid 7141] close(3) = 0 [pid 7141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7141] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7141] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7141] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7142], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7142 ./strace-static-x86_64: Process 7142 attached [pid 7142] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7142] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7141] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7142] <... futex resumed>) = 0 [pid 7142] memfd_create("syzkaller", 0 [pid 7141] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7142] <... memfd_create resumed>) = 3 [pid 7142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7142] munmap(0x7f5464ee2000, 524288) = 0 [pid 7142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7142] close(3) = 0 [pid 7142] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7142] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7142] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7142] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7142] ioctl(4, LOOP_CLR_FD) = 0 [pid 7142] close(4) = 0 [pid 7142] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... futex resumed>) = 0 [pid 7141] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7141] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7141] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7141] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7143], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7143 [pid 7141] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7141] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7142] <... futex resumed>) = 1 [pid 7142] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7143 attached [pid 7143] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7143] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7143] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7142] <... mknodat resumed>) = 0 [pid 7142] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7142] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7143] <... mount resumed>) = 0 [pid 7143] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7143] chdir(".") = 0 [pid 7143] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7141] <... futex resumed>) = 0 [pid 7143] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7141] exit_group(0) = ? [pid 7143] <... futex resumed>) = ? [pid 7142] <... futex resumed>) = ? [pid 7143] +++ exited with 0 +++ [pid 7142] +++ exited with 0 +++ [pid 7141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7141, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./711", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./711/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 151.778111][ T7142] loop0: detected capacity change from 0 to 1024 umount2("./711/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./711/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./711/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./711/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./711/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./711/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./711/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./711") = 0 mkdir("./712", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7144 ./strace-static-x86_64: Process 7144 attached [pid 7144] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7144] chdir("./712") = 0 [pid 7144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7144] setpgid(0, 0) = 0 [pid 7144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7144] write(3, "1000", 4) = 4 [pid 7144] close(3) = 0 [pid 7144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7144] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7144] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7144] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7145 attached [pid 7145] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7145] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7144] <... clone resumed>, parent_tid=[7145], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7145 [pid 7144] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7144] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7145] memfd_create("syzkaller", 0) = 3 [pid 7145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7145] munmap(0x7f5464ee2000, 524288) = 0 [pid 7145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7145] close(3) = 0 [pid 7145] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7145] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7145] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7145] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7145] ioctl(4, LOOP_CLR_FD) = 0 [pid 7145] close(4) = 0 [pid 7145] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7144] <... futex resumed>) = 0 [pid 7145] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7144] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7144] <... futex resumed>) = 0 [pid 7145] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7144] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7144] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7144] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7146 attached [pid 7146] set_robust_list(0x7f5464f619e0, 24 [pid 7144] <... clone resumed>, parent_tid=[7146], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7146 [pid 7146] <... set_robust_list resumed>) = 0 [pid 7144] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] mkdir(".", 0777 [pid 7144] <... futex resumed>) = 0 [pid 7146] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7144] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7146] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7145] <... mknodat resumed>) = 0 [pid 7145] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7146] <... mount resumed>) = 0 [pid 7146] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7146] chdir(".") = 0 [pid 7146] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7144] <... futex resumed>) = 0 [pid 7146] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7144] exit_group(0 [pid 7146] <... futex resumed>) = ? [pid 7145] <... futex resumed>) = ? [pid 7144] <... exit_group resumed>) = ? [pid 7145] +++ exited with 0 +++ [pid 7146] +++ exited with 0 +++ [pid 7144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7144, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./712", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 151.895124][ T7145] loop0: detected capacity change from 0 to 1024 umount2("./712/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./712/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./712/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./712/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./712/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./712/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./712/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./712/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./712") = 0 mkdir("./713", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7147 ./strace-static-x86_64: Process 7147 attached [pid 7147] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7147] chdir("./713") = 0 [pid 7147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7147] setpgid(0, 0) = 0 [pid 7147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7147] write(3, "1000", 4) = 4 [pid 7147] close(3) = 0 [pid 7147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7147] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7147] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7147] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7148], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7148 [pid 7147] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7147] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7148 attached [pid 7148] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7148] memfd_create("syzkaller", 0) = 3 [pid 7148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7148] munmap(0x7f5464ee2000, 524288) = 0 [pid 7148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7148] close(3) = 0 [pid 7148] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7148] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7148] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7148] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7148] ioctl(4, LOOP_CLR_FD) = 0 [pid 7148] close(4) = 0 [pid 7148] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7147] <... futex resumed>) = 0 [pid 7148] <... futex resumed>) = 1 [pid 7147] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7147] <... futex resumed>) = 0 [pid 7147] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7147] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7147] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7149], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7149 [pid 7147] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7147] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7148] <... mknodat resumed>) = 0 [pid 7148] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7148] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7149 attached [pid 7149] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7149] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7149] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7149] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7149] chdir(".") = 0 [pid 7149] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7147] <... futex resumed>) = 0 [pid 7147] exit_group(0) = ? [pid 7149] <... futex resumed>) = ? [pid 7149] +++ exited with 0 +++ [pid 7148] <... futex resumed>) = ? [pid 7148] +++ exited with 0 +++ [pid 7147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7147, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./713", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./713/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./713/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./713/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./713/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 152.012970][ T7148] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./713/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./713/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./713/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./713/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./713") = 0 mkdir("./714", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7150 ./strace-static-x86_64: Process 7150 attached [pid 7150] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7150] chdir("./714") = 0 [pid 7150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7150] setpgid(0, 0) = 0 [pid 7150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7150] write(3, "1000", 4) = 4 [pid 7150] close(3) = 0 [pid 7150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7150] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7150] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7150] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7151 attached , parent_tid=[7151], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7151 [pid 7150] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7151] set_robust_list(0x7f546d3029e0, 24 [pid 7150] <... futex resumed>) = 0 [pid 7151] <... set_robust_list resumed>) = 0 [pid 7150] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7151] memfd_create("syzkaller", 0) = 3 [pid 7151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7151] munmap(0x7f5464ee2000, 524288) = 0 [pid 7151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7151] close(3) = 0 [pid 7151] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7151] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7151] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7151] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7151] ioctl(4, LOOP_CLR_FD) = 0 [pid 7151] close(4) = 0 [pid 7151] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] <... futex resumed>) = 0 [pid 7150] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7150] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7150] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7150] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7151] <... futex resumed>) = 1 [pid 7151] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7150] <... clone resumed>, parent_tid=[7152], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7152 ./strace-static-x86_64: Process 7152 attached [pid 7150] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7150] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7152] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7152] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7152] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7151] <... mknodat resumed>) = 0 [pid 7151] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7151] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7152] <... mount resumed>) = 0 [pid 7152] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7152] chdir(".") = 0 [pid 7152] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7150] <... futex resumed>) = 0 [pid 7150] exit_group(0 [pid 7151] <... futex resumed>) = ? [pid 7150] <... exit_group resumed>) = ? [pid 7151] +++ exited with 0 +++ [pid 7152] +++ exited with 0 +++ [pid 7150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7150, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./714", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 152.125600][ T7151] loop0: detected capacity change from 0 to 1024 umount2("./714/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./714/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./714/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./714/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./714/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./714/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./714/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./714/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./714") = 0 mkdir("./715", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7153 ./strace-static-x86_64: Process 7153 attached [pid 7153] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7153] chdir("./715") = 0 [pid 7153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7153] setpgid(0, 0) = 0 [pid 7153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7153] write(3, "1000", 4) = 4 [pid 7153] close(3) = 0 [pid 7153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7153] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7153] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7153] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7154], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7154 [pid 7153] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7153] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7154 attached [pid 7154] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7154] memfd_create("syzkaller", 0) = 3 [pid 7154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7154] munmap(0x7f5464ee2000, 524288) = 0 [pid 7154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7154] close(3) = 0 [pid 7154] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7154] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7154] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7154] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7154] ioctl(4, LOOP_CLR_FD) = 0 [pid 7154] close(4) = 0 [pid 7154] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7153] <... futex resumed>) = 0 [pid 7154] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7153] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7153] <... futex resumed>) = 0 [pid 7154] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7153] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7153] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7153] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7155], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7155 [pid 7153] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7153] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7155 attached [pid 7155] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7154] <... mknodat resumed>) = 0 [pid 7155] mkdir(".", 0777 [pid 7154] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7155] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7154] <... futex resumed>) = 0 [pid 7155] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7154] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7155] <... mount resumed>) = 0 [pid 7155] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7155] chdir(".") = 0 [pid 7155] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7153] <... futex resumed>) = 0 [pid 7155] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7153] exit_group(0 [pid 7155] <... futex resumed>) = ? [pid 7154] <... futex resumed>) = ? [pid 7153] <... exit_group resumed>) = ? [pid 7155] +++ exited with 0 +++ [pid 7154] +++ exited with 0 +++ [pid 7153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7153, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./715", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./715/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./715/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./715/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./715/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 152.223860][ T7154] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./715/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./715/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./715/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./715/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./715") = 0 mkdir("./716", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7156 ./strace-static-x86_64: Process 7156 attached [pid 7156] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7156] chdir("./716") = 0 [pid 7156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7156] setpgid(0, 0) = 0 [pid 7156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7156] write(3, "1000", 4) = 4 [pid 7156] close(3) = 0 [pid 7156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7156] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7156] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7156] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7157 attached , parent_tid=[7157], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7157 [pid 7157] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7157] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7156] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7157] <... futex resumed>) = 0 [pid 7157] memfd_create("syzkaller", 0) = 3 [pid 7157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7157] munmap(0x7f5464ee2000, 524288) = 0 [pid 7157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7157] close(3) = 0 [pid 7157] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7157] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7157] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7157] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7157] ioctl(4, LOOP_CLR_FD) = 0 [pid 7157] close(4) = 0 [pid 7157] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7157] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7156] <... futex resumed>) = 0 [pid 7156] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7156] <... futex resumed>) = 0 [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7156] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7156] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7158], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7158 [pid 7156] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7158 attached [pid 7158] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7158] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7158] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7157] <... mknodat resumed>) = 0 [pid 7157] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7157] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7158] <... mount resumed>) = 0 [pid 7158] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7158] chdir(".") = 0 [pid 7158] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7158] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] exit_group(0 [pid 7158] <... futex resumed>) = ? [pid 7157] <... futex resumed>) = ? [pid 7156] <... exit_group resumed>) = ? [pid 7157] +++ exited with 0 +++ [pid 7158] +++ exited with 0 +++ [pid 7156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7156, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./716", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./716/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./716/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./716/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 152.326306][ T7157] loop0: detected capacity change from 0 to 1024 umount2("./716/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./716/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./716/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./716/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./716/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./716") = 0 mkdir("./717", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7159 ./strace-static-x86_64: Process 7159 attached [pid 7159] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7159] chdir("./717") = 0 [pid 7159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7159] setpgid(0, 0) = 0 [pid 7159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7159] write(3, "1000", 4) = 4 [pid 7159] close(3) = 0 [pid 7159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7159] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7159] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7159] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7160 attached [pid 7160] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7160] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7159] <... clone resumed>, parent_tid=[7160], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7160 [pid 7159] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7159] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7160] memfd_create("syzkaller", 0) = 3 [pid 7160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7160] munmap(0x7f5464ee2000, 524288) = 0 [pid 7160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7160] close(3) = 0 [pid 7160] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7160] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7160] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7160] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7160] ioctl(4, LOOP_CLR_FD) = 0 [pid 7160] close(4) = 0 [pid 7160] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... futex resumed>) = 0 [pid 7159] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7159] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7159] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7159] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7160] <... futex resumed>) = 1 [pid 7159] <... clone resumed>, parent_tid=[7161], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7161 [pid 7160] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7159] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7159] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7161 attached [pid 7161] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7161] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7161] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7160] <... mknodat resumed>) = 0 [pid 7160] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7161] <... mount resumed>) = 0 [pid 7161] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7161] chdir(".") = 0 [pid 7161] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... futex resumed>) = 0 [pid 7159] exit_group(0 [pid 7160] <... futex resumed>) = ? [pid 7159] <... exit_group resumed>) = ? [pid 7160] +++ exited with 0 +++ [pid 7161] <... futex resumed>) = ? [pid 7161] +++ exited with 0 +++ [pid 7159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7159, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./717", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 152.437828][ T7160] loop0: detected capacity change from 0 to 1024 umount2("./717/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./717/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./717/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./717/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./717/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./717/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./717/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./717/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./717") = 0 mkdir("./718", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7162 ./strace-static-x86_64: Process 7162 attached [pid 7162] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7162] chdir("./718") = 0 [pid 7162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7162] setpgid(0, 0) = 0 [pid 7162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7162] write(3, "1000", 4) = 4 [pid 7162] close(3) = 0 [pid 7162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7162] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7162] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7162] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7163 attached , parent_tid=[7163], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7163 [pid 7163] set_robust_list(0x7f546d3029e0, 24 [pid 7162] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... set_robust_list resumed>) = 0 [pid 7162] <... futex resumed>) = 0 [pid 7163] memfd_create("syzkaller", 0) = 3 [pid 7163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7162] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7163] <... mmap resumed>) = 0x7f5464ee2000 [pid 7163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7163] munmap(0x7f5464ee2000, 524288) = 0 [pid 7163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7163] close(3) = 0 [pid 7163] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7163] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7163] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7163] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7163] ioctl(4, LOOP_CLR_FD) = 0 [pid 7163] close(4) = 0 [pid 7163] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7162] <... futex resumed>) = 0 [pid 7162] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7162] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7163] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7162] <... mmap resumed>) = 0x7f5464f41000 [pid 7162] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7162] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7164], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7164 [pid 7162] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7162] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7164 attached [pid 7164] set_robust_list(0x7f5464f619e0, 24 [pid 7163] <... mknodat resumed>) = 0 [pid 7163] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7164] <... set_robust_list resumed>) = 0 [pid 7164] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7164] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7164] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7164] chdir(".") = 0 [pid 7164] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7162] <... futex resumed>) = 0 [pid 7164] <... futex resumed>) = 1 [pid 7162] exit_group(0 [pid 7163] <... futex resumed>) = ? [pid 7162] <... exit_group resumed>) = ? [pid 7163] +++ exited with 0 +++ [pid 7164] +++ exited with 0 +++ [pid 7162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7162, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./718", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 152.558112][ T7163] loop0: detected capacity change from 0 to 1024 umount2("./718/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./718/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./718/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./718/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./718/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./718/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./718/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./718/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./718") = 0 mkdir("./719", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7165 ./strace-static-x86_64: Process 7165 attached [pid 7165] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7165] chdir("./719") = 0 [pid 7165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7165] setpgid(0, 0) = 0 [pid 7165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7165] write(3, "1000", 4) = 4 [pid 7165] close(3) = 0 [pid 7165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7165] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7165] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7165] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7166 attached , parent_tid=[7166], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7166 [pid 7165] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7165] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7166] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7166] memfd_create("syzkaller", 0) = 3 [pid 7166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7166] munmap(0x7f5464ee2000, 524288) = 0 [pid 7166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7166] close(3) = 0 [pid 7166] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7166] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7166] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7166] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7166] ioctl(4, LOOP_CLR_FD) = 0 [pid 7166] close(4) = 0 [pid 7166] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... futex resumed>) = 0 [pid 7165] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7165] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7165] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7165] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7167], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7167 [pid 7165] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7165] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7166] <... futex resumed>) = 1 [pid 7166] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7167 attached [pid 7167] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7167] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7167] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7166] <... mknodat resumed>) = 0 [pid 7166] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7166] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7167] <... mount resumed>) = 0 [pid 7167] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7167] chdir(".") = 0 [pid 7167] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... futex resumed>) = 0 [pid 7165] exit_group(0) = ? [pid 7167] <... futex resumed>) = ? [pid 7167] +++ exited with 0 +++ [pid 7166] <... futex resumed>) = ? [pid 7166] +++ exited with 0 +++ [pid 7165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7165, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./719", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./719/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./719/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./719/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./719/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./719/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 152.695428][ T7166] loop0: detected capacity change from 0 to 1024 umount2("./719/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./719/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./719/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./719") = 0 mkdir("./720", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7168 ./strace-static-x86_64: Process 7168 attached [pid 7168] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7168] chdir("./720") = 0 [pid 7168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7168] setpgid(0, 0) = 0 [pid 7168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7168] write(3, "1000", 4) = 4 [pid 7168] close(3) = 0 [pid 7168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7168] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7168] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7168] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7169 attached , parent_tid=[7169], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7169 [pid 7169] set_robust_list(0x7f546d3029e0, 24 [pid 7168] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7169] <... set_robust_list resumed>) = 0 [pid 7169] memfd_create("syzkaller", 0) = 3 [pid 7169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7169] munmap(0x7f5464ee2000, 524288) = 0 [pid 7169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7169] close(3) = 0 [pid 7169] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7169] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7169] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7169] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7169] ioctl(4, LOOP_CLR_FD) = 0 [pid 7169] close(4) = 0 [pid 7169] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7168] <... futex resumed>) = 0 [pid 7168] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7168] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7168] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7170], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7170 [pid 7168] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7169] <... futex resumed>) = 1 [pid 7169] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7170 attached [pid 7170] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7170] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7170] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7169] <... mknodat resumed>) = 0 [pid 7169] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7169] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7170] <... mount resumed>) = 0 [pid 7170] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7170] chdir(".") = 0 [pid 7170] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7168] <... futex resumed>) = 0 [pid 7170] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7168] exit_group(0) = ? [pid 7170] <... futex resumed>) = ? [pid 7169] <... futex resumed>) = ? [pid 7169] +++ exited with 0 +++ [pid 7170] +++ exited with 0 +++ [pid 7168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7168, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./720", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./720", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./720/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./720/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./720/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./720/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 152.791216][ T7169] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./720/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./720/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./720/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./720/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./720/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./720") = 0 mkdir("./721", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7171 ./strace-static-x86_64: Process 7171 attached [pid 7171] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7171] chdir("./721") = 0 [pid 7171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7171] setpgid(0, 0) = 0 [pid 7171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7171] write(3, "1000", 4) = 4 [pid 7171] close(3) = 0 [pid 7171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7171] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7171] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7171] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7172 attached , parent_tid=[7172], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7172 [pid 7172] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7171] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7171] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7172] memfd_create("syzkaller", 0) = 3 [pid 7172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7172] munmap(0x7f5464ee2000, 524288) = 0 [pid 7172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7172] close(3) = 0 [pid 7172] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7172] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7172] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7172] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7172] ioctl(4, LOOP_CLR_FD) = 0 [pid 7172] close(4) = 0 [pid 7172] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7171] <... futex resumed>) = 0 [pid 7172] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7171] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7172] <... futex resumed>) = 0 [pid 7171] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7172] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7171] <... futex resumed>) = 0 [pid 7171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7171] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7171] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7173], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7173 [pid 7171] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7171] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7172] <... mknodat resumed>) = 0 [pid 7172] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7172] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7173 attached [pid 7173] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7173] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7173] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7173] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7173] chdir(".") = 0 [pid 7173] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7173] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7171] <... futex resumed>) = 0 [pid 7171] exit_group(0) = ? [pid 7172] <... futex resumed>) = ? [pid 7172] +++ exited with 0 +++ [pid 7173] <... futex resumed>) = ? [pid 7173] +++ exited with 0 +++ [pid 7171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7171, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./721", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./721/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./721/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./721/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./721/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./721/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./721/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./721/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 152.904557][ T7172] loop0: detected capacity change from 0 to 1024 unlink("./721/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./721") = 0 mkdir("./722", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7174 ./strace-static-x86_64: Process 7174 attached [pid 7174] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7174] chdir("./722") = 0 [pid 7174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7174] setpgid(0, 0) = 0 [pid 7174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7174] write(3, "1000", 4) = 4 [pid 7174] close(3) = 0 [pid 7174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7174] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7174] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7174] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7175], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7175 [pid 7174] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7175 attached [pid 7175] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7175] memfd_create("syzkaller", 0) = 3 [pid 7175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7175] munmap(0x7f5464ee2000, 524288) = 0 [pid 7175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7175] close(3) = 0 [pid 7175] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7175] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7175] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7175] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7175] ioctl(4, LOOP_CLR_FD) = 0 [pid 7175] close(4) = 0 [pid 7175] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] <... futex resumed>) = 0 [pid 7174] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7174] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7174] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7176], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7176 [pid 7174] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7175] <... futex resumed>) = 1 [pid 7175] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7175] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7175] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7176 attached [pid 7176] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7176] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7176] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7176] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7176] chdir(".") = 0 [pid 7176] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7174] <... futex resumed>) = 0 [pid 7174] exit_group(0 [pid 7175] <... futex resumed>) = ? [pid 7174] <... exit_group resumed>) = ? [pid 7175] +++ exited with 0 +++ [pid 7176] +++ exited with 0 +++ [pid 7174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7174, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./722", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 152.996774][ T7175] loop0: detected capacity change from 0 to 1024 umount2("./722/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./722/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./722/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./722/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./722/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./722/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./722/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./722/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./722") = 0 mkdir("./723", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7177 ./strace-static-x86_64: Process 7177 attached [pid 7177] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7177] chdir("./723") = 0 [pid 7177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7177] setpgid(0, 0) = 0 [pid 7177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7177] write(3, "1000", 4) = 4 [pid 7177] close(3) = 0 [pid 7177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7177] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7177] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7177] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7178], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7178 [pid 7177] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7177] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7178 attached [pid 7178] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7178] memfd_create("syzkaller", 0) = 3 [pid 7178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7178] munmap(0x7f5464ee2000, 524288) = 0 [pid 7178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7178] close(3) = 0 [pid 7178] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7178] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7178] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7178] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7178] ioctl(4, LOOP_CLR_FD) = 0 [pid 7178] close(4) = 0 [pid 7178] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7177] <... futex resumed>) = 0 [pid 7177] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7177] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7177] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7177] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7179 attached , parent_tid=[7179], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7179 [pid 7178] <... futex resumed>) = 0 [pid 7177] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] set_robust_list(0x7f5464f619e0, 24 [pid 7178] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7177] <... futex resumed>) = 0 [pid 7179] <... set_robust_list resumed>) = 0 [pid 7177] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7179] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7179] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7178] <... mknodat resumed>) = 0 [pid 7178] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7179] <... mount resumed>) = 0 [pid 7179] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7179] chdir(".") = 0 [pid 7179] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7177] <... futex resumed>) = 0 [pid 7179] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7177] exit_group(0) = ? [pid 7179] <... futex resumed>) = ? [pid 7178] <... futex resumed>) = ? [pid 7178] +++ exited with 0 +++ [pid 7179] +++ exited with 0 +++ [pid 7177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7177, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./723", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 153.096852][ T7178] loop0: detected capacity change from 0 to 1024 umount2("./723/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./723/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./723/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./723/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./723/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./723/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./723/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./723/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./723") = 0 mkdir("./724", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7180 attached , child_tidptr=0x5555561b25d0) = 7180 [pid 7180] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7180] chdir("./724") = 0 [pid 7180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7180] setpgid(0, 0) = 0 [pid 7180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7180] write(3, "1000", 4) = 4 [pid 7180] close(3) = 0 [pid 7180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7180] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7180] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7180] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7181 attached , parent_tid=[7181], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7181 [pid 7180] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7181] memfd_create("syzkaller", 0 [pid 7180] <... futex resumed>) = 0 [pid 7181] <... memfd_create resumed>) = 3 [pid 7181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7180] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7181] munmap(0x7f5464ee2000, 524288) = 0 [pid 7181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7181] close(3) = 0 [pid 7181] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7181] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7181] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7181] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7181] ioctl(4, LOOP_CLR_FD) = 0 [pid 7181] close(4) = 0 [pid 7181] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7180] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7181] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7180] <... mmap resumed>) = 0x7f5464f41000 [pid 7180] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7180] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7182 attached , parent_tid=[7182], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7182 [pid 7182] set_robust_list(0x7f5464f619e0, 24 [pid 7180] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7182] <... set_robust_list resumed>) = 0 [pid 7182] mkdir(".", 0777 [pid 7181] <... mknodat resumed>) = 0 [pid 7181] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7181] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7182] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7182] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7182] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7182] chdir(".") = 0 [pid 7182] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7182] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] exit_group(0) = ? [pid 7181] <... futex resumed>) = ? [pid 7181] +++ exited with 0 +++ [pid 7182] <... futex resumed>) = ? [pid 7182] +++ exited with 0 +++ [pid 7180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7180, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./724", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 153.200592][ T7181] loop0: detected capacity change from 0 to 1024 umount2("./724/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./724/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./724/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./724/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./724/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./724/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./724/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./724/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./724") = 0 mkdir("./725", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7183 ./strace-static-x86_64: Process 7183 attached [pid 7183] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7183] chdir("./725") = 0 [pid 7183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7183] setpgid(0, 0) = 0 [pid 7183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7183] write(3, "1000", 4) = 4 [pid 7183] close(3) = 0 [pid 7183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7183] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7183] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7183] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7184 attached [pid 7184] set_robust_list(0x7f546d3029e0, 24 [pid 7183] <... clone resumed>, parent_tid=[7184], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7184 [pid 7184] <... set_robust_list resumed>) = 0 [pid 7183] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7184] memfd_create("syzkaller", 0) = 3 [pid 7184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7184] munmap(0x7f5464ee2000, 524288) = 0 [pid 7184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7184] close(3) = 0 [pid 7184] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7184] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7184] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7184] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7184] ioctl(4, LOOP_CLR_FD) = 0 [pid 7184] close(4) = 0 [pid 7184] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7183] <... futex resumed>) = 0 [pid 7183] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7184] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7183] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7183] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7185], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7185 [pid 7183] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7184] <... mknodat resumed>) = 0 [pid 7184] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7185 attached [pid 7185] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7185] mkdir(".", 0777 [pid 7184] <... futex resumed>) = 0 [pid 7185] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7185] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7184] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7185] <... mount resumed>) = 0 [pid 7185] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7185] chdir(".") = 0 [pid 7185] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7183] <... futex resumed>) = 0 [pid 7183] exit_group(0) = ? [pid 7185] <... futex resumed>) = ? [pid 7185] +++ exited with 0 +++ [pid 7184] <... futex resumed>) = ? [pid 7184] +++ exited with 0 +++ [pid 7183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7183, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./725", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./725/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./725/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 153.316966][ T7184] loop0: detected capacity change from 0 to 1024 lstat("./725/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./725/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./725/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./725/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./725/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./725/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./725") = 0 mkdir("./726", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7186 ./strace-static-x86_64: Process 7186 attached [pid 7186] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7186] chdir("./726") = 0 [pid 7186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7186] setpgid(0, 0) = 0 [pid 7186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7186] write(3, "1000", 4) = 4 [pid 7186] close(3) = 0 [pid 7186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7186] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7186] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7186] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7187], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7187 ./strace-static-x86_64: Process 7187 attached [pid 7187] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7187] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7186] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7186] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7187] memfd_create("syzkaller", 0) = 3 [pid 7187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7187] munmap(0x7f5464ee2000, 524288) = 0 [pid 7187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7187] close(3) = 0 [pid 7187] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7187] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7187] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7187] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7187] ioctl(4, LOOP_CLR_FD) = 0 [pid 7187] close(4) = 0 [pid 7187] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7186] <... futex resumed>) = 0 [pid 7186] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7186] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7186] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7186] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7188], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7188 [pid 7186] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7186] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7187] <... futex resumed>) = 1 [pid 7187] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7187] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7187] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7188 attached [pid 7188] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7188] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7188] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7188] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7188] chdir(".") = 0 [pid 7188] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7186] <... futex resumed>) = 0 [pid 7186] exit_group(0 [pid 7187] <... futex resumed>) = ? [pid 7186] <... exit_group resumed>) = ? [pid 7187] +++ exited with 0 +++ [pid 7188] +++ exited with 0 +++ [pid 7186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7186, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./726", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./726/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./726/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./726/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./726/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./726/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./726/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./726/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./726/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./726") = 0 [ 153.431706][ T7187] loop0: detected capacity change from 0 to 1024 mkdir("./727", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7189 ./strace-static-x86_64: Process 7189 attached [pid 7189] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7189] chdir("./727") = 0 [pid 7189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7189] setpgid(0, 0) = 0 [pid 7189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7189] write(3, "1000", 4) = 4 [pid 7189] close(3) = 0 [pid 7189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7189] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7189] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7189] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7190 attached [pid 7190] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7189] <... clone resumed>, parent_tid=[7190], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7190 [pid 7190] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7189] <... futex resumed>) = 0 [pid 7189] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7190] memfd_create("syzkaller", 0) = 3 [pid 7190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7190] munmap(0x7f5464ee2000, 524288) = 0 [pid 7190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7190] close(3) = 0 [pid 7190] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7190] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7190] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7190] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7190] ioctl(4, LOOP_CLR_FD) = 0 [pid 7190] close(4) = 0 [pid 7190] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7190] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] <... futex resumed>) = 0 [pid 7189] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] <... futex resumed>) = 0 [pid 7189] <... futex resumed>) = 1 [pid 7190] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7189] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7190] <... mknodat resumed>) = 0 [pid 7189] <... mmap resumed>) = 0x7f5464f41000 [pid 7190] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7189] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7190] <... futex resumed>) = 0 [pid 7189] <... mprotect resumed>) = 0 [pid 7190] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7191 attached , parent_tid=[7191], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7191 [pid 7191] set_robust_list(0x7f5464f619e0, 24 [pid 7189] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7191] <... set_robust_list resumed>) = 0 [pid 7189] <... futex resumed>) = 0 [pid 7189] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7191] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7191] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7191] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7191] chdir(".") = 0 [pid 7191] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] <... futex resumed>) = 0 [pid 7191] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] exit_group(0 [pid 7190] <... futex resumed>) = ? [pid 7189] <... exit_group resumed>) = ? [pid 7190] +++ exited with 0 +++ [pid 7191] <... futex resumed>) = ? [pid 7191] +++ exited with 0 +++ [pid 7189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7189, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./727", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./727/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 153.528148][ T7190] loop0: detected capacity change from 0 to 1024 umount2("./727/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./727/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./727/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./727/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./727/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./727/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./727/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./727") = 0 mkdir("./728", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7192 ./strace-static-x86_64: Process 7192 attached [pid 7192] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7192] chdir("./728") = 0 [pid 7192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7192] setpgid(0, 0) = 0 [pid 7192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7192] write(3, "1000", 4) = 4 [pid 7192] close(3) = 0 [pid 7192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7192] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7192] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7192] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7193 attached [pid 7193] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7193] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7192] <... clone resumed>, parent_tid=[7193], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7193 [pid 7192] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7193] <... futex resumed>) = 0 [pid 7192] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7193] memfd_create("syzkaller", 0) = 3 [pid 7193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7193] munmap(0x7f5464ee2000, 524288) = 0 [pid 7193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7193] close(3) = 0 [pid 7193] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7193] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7193] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7193] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7193] ioctl(4, LOOP_CLR_FD) = 0 [pid 7193] close(4) = 0 [pid 7193] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] <... futex resumed>) = 0 [pid 7192] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7192] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7192] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7194], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7194 [pid 7192] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7193] <... futex resumed>) = 1 [pid 7193] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7194 attached ) = 0 [pid 7194] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7194] mkdir(".", 0777 [pid 7193] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7194] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7193] <... futex resumed>) = 0 [pid 7193] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7194] <... mount resumed>) = 0 [pid 7194] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7194] chdir(".") = 0 [pid 7194] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7192] <... futex resumed>) = 0 [pid 7194] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7192] exit_group(0) = ? [pid 7193] <... futex resumed>) = ? [pid 7194] <... futex resumed>) = ? [pid 7194] +++ exited with 0 +++ [pid 7193] +++ exited with 0 +++ [pid 7192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7192, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./728", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 153.629216][ T7193] loop0: detected capacity change from 0 to 1024 umount2("./728/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./728/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./728/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./728/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./728/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./728/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./728/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./728/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./728") = 0 mkdir("./729", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7195 attached [pid 7195] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7195] chdir("./729") = 0 [pid 7195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7195 [pid 7195] setpgid(0, 0) = 0 [pid 7195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7195] write(3, "1000", 4) = 4 [pid 7195] close(3) = 0 [pid 7195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7195] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7195] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7195] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7196 attached , parent_tid=[7196], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7196 [pid 7196] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7196] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7195] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7196] <... futex resumed>) = 0 [pid 7195] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7196] memfd_create("syzkaller", 0) = 3 [pid 7196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7196] munmap(0x7f5464ee2000, 524288) = 0 [pid 7196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7196] close(3) = 0 [pid 7196] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7196] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7196] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7196] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7196] ioctl(4, LOOP_CLR_FD) = 0 [pid 7196] close(4) = 0 [pid 7196] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7195] <... futex resumed>) = 0 [pid 7195] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7195] <... futex resumed>) = 0 [pid 7195] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7196] <... mknodat resumed>) = 0 [pid 7195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7196] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7195] <... mmap resumed>) = 0x7f5464f41000 [pid 7195] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7195] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7196] <... futex resumed>) = 0 [pid 7195] <... clone resumed>, parent_tid=[7197], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7197 ./strace-static-x86_64: Process 7197 attached [pid 7196] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7195] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7195] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7197] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7197] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7197] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7197] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7197] chdir(".") = 0 [pid 7197] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7195] <... futex resumed>) = 0 [pid 7197] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7195] exit_group(0 [pid 7197] <... futex resumed>) = ? [pid 7196] <... futex resumed>) = ? [pid 7195] <... exit_group resumed>) = ? [pid 7196] +++ exited with 0 +++ [pid 7197] +++ exited with 0 +++ [pid 7195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7195, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./729", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./729/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./729/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./729/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./729/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 153.756344][ T7196] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./729/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./729/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./729/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./729/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./729") = 0 mkdir("./730", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7198 attached , child_tidptr=0x5555561b25d0) = 7198 [pid 7198] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7198] chdir("./730") = 0 [pid 7198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7198] setpgid(0, 0) = 0 [pid 7198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7198] write(3, "1000", 4) = 4 [pid 7198] close(3) = 0 [pid 7198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7198] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7198] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7198] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7199 attached , parent_tid=[7199], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7199 [pid 7198] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7199] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7199] memfd_create("syzkaller", 0) = 3 [pid 7199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7199] munmap(0x7f5464ee2000, 524288) = 0 [pid 7199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7199] close(3) = 0 [pid 7199] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7199] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7199] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7199] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7199] ioctl(4, LOOP_CLR_FD) = 0 [pid 7199] close(4) = 0 [pid 7199] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7198] <... futex resumed>) = 0 [pid 7199] <... futex resumed>) = 1 [pid 7198] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7198] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7198] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7200 attached , parent_tid=[7200], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7200 [pid 7198] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7200] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7200] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7200] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7199] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7199] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7199] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7200] <... mount resumed>) = 0 [pid 7200] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7200] chdir(".") = 0 [pid 7200] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7198] <... futex resumed>) = 0 [pid 7198] exit_group(0) = ? [pid 7199] <... futex resumed>) = ? [pid 7199] +++ exited with 0 +++ [pid 7200] <... futex resumed>) = ? [pid 7200] +++ exited with 0 +++ [pid 7198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7198, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./730", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./730/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./730/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./730/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./730/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 153.862904][ T7199] loop0: detected capacity change from 0 to 1024 rmdir("./730/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./730/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./730/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./730/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./730") = 0 mkdir("./731", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7201 ./strace-static-x86_64: Process 7201 attached [pid 7201] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7201] chdir("./731") = 0 [pid 7201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7201] setpgid(0, 0) = 0 [pid 7201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7201] write(3, "1000", 4) = 4 [pid 7201] close(3) = 0 [pid 7201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7201] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7201] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7201] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7202 attached , parent_tid=[7202], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7202 [pid 7201] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7202] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7202] memfd_create("syzkaller", 0) = 3 [pid 7202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7202] munmap(0x7f5464ee2000, 524288) = 0 [pid 7202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7202] close(3) = 0 [pid 7202] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7202] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7202] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7202] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7202] ioctl(4, LOOP_CLR_FD) = 0 [pid 7202] close(4) = 0 [pid 7202] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] <... futex resumed>) = 0 [pid 7201] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7201] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7201] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7202] <... futex resumed>) = 1 [pid 7201] <... clone resumed>, parent_tid=[7203], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7203 [pid 7202] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7201] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7203 attached [pid 7202] <... mknodat resumed>) = 0 [pid 7203] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7202] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7202] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7203] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7203] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7203] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7203] chdir(".") = 0 [pid 7203] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7201] <... futex resumed>) = 0 [pid 7203] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7201] exit_group(0 [pid 7203] <... futex resumed>) = ? [pid 7202] <... futex resumed>) = ? [pid 7201] <... exit_group resumed>) = ? [pid 7203] +++ exited with 0 +++ [pid 7202] +++ exited with 0 +++ [pid 7201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7201, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./731", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./731/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./731/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./731/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./731/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./731/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./731/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./731/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./731/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./731") = 0 mkdir("./732", 0777) = 0 [ 153.957296][ T7202] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7204 ./strace-static-x86_64: Process 7204 attached [pid 7204] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7204] chdir("./732") = 0 [pid 7204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7204] setpgid(0, 0) = 0 [pid 7204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7204] write(3, "1000", 4) = 4 [pid 7204] close(3) = 0 [pid 7204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7204] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7204] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7204] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7205], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7205 [pid 7204] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7204] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7205 attached [pid 7205] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7205] memfd_create("syzkaller", 0) = 3 [pid 7205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7205] munmap(0x7f5464ee2000, 524288) = 0 [pid 7205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7205] close(3) = 0 [pid 7205] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7205] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7205] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7205] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7205] ioctl(4, LOOP_CLR_FD) = 0 [pid 7205] close(4) = 0 [pid 7205] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7205] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7204] <... futex resumed>) = 0 [pid 7204] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7205] <... futex resumed>) = 0 [pid 7204] <... futex resumed>) = 1 [pid 7205] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7204] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7204] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7204] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7206], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7206 [pid 7205] <... mknodat resumed>) = 0 [pid 7204] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7205] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7205] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7206 attached [pid 7206] set_robust_list(0x7f5464f619e0, 24 [pid 7204] <... futex resumed>) = 0 [pid 7204] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7206] <... set_robust_list resumed>) = 0 [pid 7206] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7206] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7206] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7206] chdir(".") = 0 [pid 7206] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7204] <... futex resumed>) = 0 [pid 7206] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7204] exit_group(0 [pid 7205] <... futex resumed>) = ? [pid 7204] <... exit_group resumed>) = ? [pid 7205] +++ exited with 0 +++ [pid 7206] <... futex resumed>) = ? [pid 7206] +++ exited with 0 +++ [pid 7204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7204, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./732", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./732/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./732/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./732/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./732/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./732/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./732/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./732/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./732/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./732") = 0 mkdir("./733", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 154.061380][ T7205] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7207 ./strace-static-x86_64: Process 7207 attached [pid 7207] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7207] chdir("./733") = 0 [pid 7207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7207] setpgid(0, 0) = 0 [pid 7207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7207] write(3, "1000", 4) = 4 [pid 7207] close(3) = 0 [pid 7207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7207] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7207] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7207] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7208], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7208 [pid 7207] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7208 attached [pid 7208] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7208] memfd_create("syzkaller", 0) = 3 [pid 7208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7208] munmap(0x7f5464ee2000, 524288) = 0 [pid 7208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7208] close(3) = 0 [pid 7208] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7208] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7208] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7208] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7208] ioctl(4, LOOP_CLR_FD) = 0 [pid 7208] close(4) = 0 [pid 7208] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7207] <... futex resumed>) = 0 [pid 7208] <... futex resumed>) = 1 [pid 7207] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7207] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7207] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7208] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7207] <... clone resumed>, parent_tid=[7209], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7209 [pid 7207] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7208] <... mknodat resumed>) = 0 [pid 7208] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7208] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7209 attached [pid 7209] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7209] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7209] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7209] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7209] chdir(".") = 0 [ 154.153791][ T7208] loop0: detected capacity change from 0 to 1024 [pid 7209] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7207] <... futex resumed>) = 0 [pid 7209] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7207] exit_group(0) = ? [pid 7209] <... futex resumed>) = ? [pid 7209] +++ exited with 0 +++ [pid 7208] <... futex resumed>) = ? [pid 7208] +++ exited with 0 +++ [pid 7207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7207, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./733", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./733/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./733/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./733/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./733/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./733/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./733/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./733/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./733/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./733") = 0 mkdir("./734", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7210 ./strace-static-x86_64: Process 7210 attached [pid 7210] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7210] chdir("./734") = 0 [pid 7210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7210] setpgid(0, 0) = 0 [pid 7210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7210] write(3, "1000", 4) = 4 [pid 7210] close(3) = 0 [pid 7210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7210] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7210] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7210] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7211], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7211 [pid 7210] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7210] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7211 attached [pid 7211] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7211] memfd_create("syzkaller", 0) = 3 [pid 7211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7211] munmap(0x7f5464ee2000, 524288) = 0 [pid 7211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7211] close(3) = 0 [pid 7211] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7211] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7211] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7211] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7211] ioctl(4, LOOP_CLR_FD) = 0 [pid 7211] close(4) = 0 [pid 7211] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7210] <... futex resumed>) = 0 [pid 7211] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7210] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7210] <... futex resumed>) = 0 [pid 7211] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7210] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7210] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7210] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7212 attached , parent_tid=[7212], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7212 [pid 7210] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7210] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7211] <... mknodat resumed>) = 0 [pid 7212] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7212] mkdir(".", 0777 [pid 7211] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7212] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7211] <... futex resumed>) = 0 [pid 7211] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7212] <... mount resumed>) = 0 [pid 7212] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7212] chdir(".") = 0 [pid 7212] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7210] <... futex resumed>) = 0 [pid 7212] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7210] exit_group(0) = ? [pid 7212] <... futex resumed>) = ? [pid 7212] +++ exited with 0 +++ [pid 7211] <... futex resumed>) = ? [pid 7211] +++ exited with 0 +++ [pid 7210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7210, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./734", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./734/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./734/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./734/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./734/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./734/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./734/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./734/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./734/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 154.279234][ T7211] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./734") = 0 mkdir("./735", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7213 ./strace-static-x86_64: Process 7213 attached [pid 7213] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7213] chdir("./735") = 0 [pid 7213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7213] setpgid(0, 0) = 0 [pid 7213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7213] write(3, "1000", 4) = 4 [pid 7213] close(3) = 0 [pid 7213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7213] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7213] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7213] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7214], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7214 [pid 7213] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7213] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7214 attached [pid 7214] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7214] memfd_create("syzkaller", 0) = 3 [pid 7214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7214] munmap(0x7f5464ee2000, 524288) = 0 [pid 7214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7214] close(3) = 0 [pid 7214] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7214] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7214] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7214] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7214] ioctl(4, LOOP_CLR_FD) = 0 [pid 7214] close(4) = 0 [pid 7214] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7214] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7213] <... futex resumed>) = 0 [pid 7213] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7213] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7214] <... futex resumed>) = 0 [pid 7213] <... mmap resumed>) = 0x7f5464f41000 [pid 7213] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7214] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7213] <... mprotect resumed>) = 0 [pid 7213] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7215], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7215 [pid 7213] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7213] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7214] <... mknodat resumed>) = 0 [pid 7214] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7214] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7215 attached [pid 7215] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7215] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7215] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7215] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7215] chdir(".") = 0 [pid 7215] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7213] <... futex resumed>) = 0 [pid 7215] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7213] exit_group(0 [pid 7215] <... futex resumed>) = ? [pid 7213] <... exit_group resumed>) = ? [pid 7214] <... futex resumed>) = ? [pid 7215] +++ exited with 0 +++ [pid 7214] +++ exited with 0 +++ [pid 7213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7213, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./735", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 154.384102][ T7214] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./735/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./735/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./735/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./735/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./735") = 0 mkdir("./736", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7216 ./strace-static-x86_64: Process 7216 attached [pid 7216] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7216] chdir("./736") = 0 [pid 7216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7216] setpgid(0, 0) = 0 [pid 7216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7216] write(3, "1000", 4) = 4 [pid 7216] close(3) = 0 [pid 7216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7216] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7216] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7216] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7217], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7217 [pid 7216] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7217 attached [pid 7217] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7217] memfd_create("syzkaller", 0) = 3 [pid 7217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7217] munmap(0x7f5464ee2000, 524288) = 0 [pid 7217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7217] close(3) = 0 [pid 7217] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7217] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7217] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7217] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7217] ioctl(4, LOOP_CLR_FD) = 0 [pid 7217] close(4) = 0 [pid 7217] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7216] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7217] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7216] <... mmap resumed>) = 0x7f5464f41000 [pid 7216] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7216] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7218], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7218 [pid 7216] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7218 attached [pid 7218] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7218] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7218] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7217] <... mknodat resumed>) = 0 [pid 7217] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7217] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7218] <... mount resumed>) = 0 [pid 7218] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7218] chdir(".") = 0 [pid 7218] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] <... futex resumed>) = 0 [pid 7216] exit_group(0) = ? [pid 7217] <... futex resumed>) = ? [pid 7218] <... futex resumed>) = ? [pid 7217] +++ exited with 0 +++ [pid 7218] +++ exited with 0 +++ [pid 7216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7216, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./736", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 154.480797][ T7217] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./736/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./736/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./736/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./736/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./736/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./736/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./736/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./736/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./736") = 0 mkdir("./737", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7219 ./strace-static-x86_64: Process 7219 attached [pid 7219] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7219] chdir("./737") = 0 [pid 7219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7219] setpgid(0, 0) = 0 [pid 7219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7219] write(3, "1000", 4) = 4 [pid 7219] close(3) = 0 [pid 7219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7219] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7219] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7219] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7220], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7220 [pid 7219] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7220 attached [pid 7220] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7220] memfd_create("syzkaller", 0) = 3 [pid 7220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7220] munmap(0x7f5464ee2000, 524288) = 0 [pid 7220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7220] close(3) = 0 [pid 7220] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7220] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7220] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7220] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7220] ioctl(4, LOOP_CLR_FD) = 0 [pid 7220] close(4) = 0 [pid 7220] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7219] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7219] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7219] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7221], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7221 [pid 7219] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] <... mknodat resumed>) = 0 [pid 7220] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7220] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7221 attached [pid 7221] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7221] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7221] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7221] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7221] chdir(".") = 0 [pid 7221] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7219] exit_group(0 [pid 7220] <... futex resumed>) = ? [pid 7219] <... exit_group resumed>) = ? [pid 7220] +++ exited with 0 +++ [pid 7221] +++ exited with 0 +++ [pid 7219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7219, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./737", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 154.591591][ T7220] loop0: detected capacity change from 0 to 1024 umount2("./737/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./737/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./737/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./737/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./737/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./737/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./737/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./737/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./737") = 0 mkdir("./738", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7222 ./strace-static-x86_64: Process 7222 attached [pid 7222] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7222] chdir("./738") = 0 [pid 7222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7222] setpgid(0, 0) = 0 [pid 7222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7222] write(3, "1000", 4) = 4 [pid 7222] close(3) = 0 [pid 7222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7222] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7222] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7222] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7223], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7223 [pid 7222] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7223 attached [pid 7223] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7223] memfd_create("syzkaller", 0) = 3 [pid 7223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7223] munmap(0x7f5464ee2000, 524288) = 0 [pid 7223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7223] close(3) = 0 [pid 7223] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7223] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7223] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7223] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7223] ioctl(4, LOOP_CLR_FD) = 0 [pid 7223] close(4) = 0 [pid 7223] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = 0 [pid 7223] <... futex resumed>) = 1 [pid 7223] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7222] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7222] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7222] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7224], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7224 [pid 7222] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7223] <... mknodat resumed>) = 0 [pid 7223] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7223] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7224 attached [pid 7224] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7224] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7224] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7224] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7224] chdir(".") = 0 [pid 7224] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7222] <... futex resumed>) = 0 [pid 7224] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7222] exit_group(0) = ? [pid 7224] <... futex resumed>) = ? [pid 7223] <... futex resumed>) = ? [pid 7224] +++ exited with 0 +++ [pid 7223] +++ exited with 0 +++ [pid 7222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7222, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./738", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 154.692694][ T7223] loop0: detected capacity change from 0 to 1024 umount2("./738/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./738/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./738/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./738/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./738/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./738/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./738/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./738/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./738") = 0 mkdir("./739", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7225 ./strace-static-x86_64: Process 7225 attached [pid 7225] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7225] chdir("./739") = 0 [pid 7225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7225] setpgid(0, 0) = 0 [pid 7225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7225] write(3, "1000", 4) = 4 [pid 7225] close(3) = 0 [pid 7225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7225] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7225] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7225] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7226 attached [pid 7226] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7226] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... clone resumed>, parent_tid=[7226], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7226 [pid 7225] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7226] <... futex resumed>) = 0 [pid 7225] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7226] memfd_create("syzkaller", 0) = 3 [pid 7226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7226] munmap(0x7f5464ee2000, 524288) = 0 [pid 7226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7226] close(3) = 0 [pid 7226] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7226] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7226] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7226] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7226] ioctl(4, LOOP_CLR_FD) = 0 [pid 7226] close(4) = 0 [pid 7226] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7225] <... futex resumed>) = 0 [pid 7225] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7225] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7225] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7227], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7227 [pid 7225] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7226] <... futex resumed>) = 1 [pid 7226] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7227 attached [pid 7227] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7226] <... mknodat resumed>) = 0 [pid 7227] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7227] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7226] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7226] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7227] <... mount resumed>) = 0 [pid 7227] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7227] chdir(".") = 0 [pid 7227] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7225] <... futex resumed>) = 0 [pid 7227] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] exit_group(0) = ? [pid 7226] <... futex resumed>) = ? [pid 7227] <... futex resumed>) = ? [pid 7226] +++ exited with 0 +++ [pid 7227] +++ exited with 0 +++ [pid 7225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7225, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./739", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./739/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./739/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./739/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./739/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./739/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./739/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./739/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./739/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 154.806705][ T7226] loop0: detected capacity change from 0 to 1024 rmdir("./739") = 0 mkdir("./740", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7228 ./strace-static-x86_64: Process 7228 attached [pid 7228] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7228] chdir("./740") = 0 [pid 7228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7228] setpgid(0, 0) = 0 [pid 7228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7228] write(3, "1000", 4) = 4 [pid 7228] close(3) = 0 [pid 7228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7228] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7228] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7228] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7229], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7229 [pid 7228] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7228] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7229 attached [pid 7229] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7229] memfd_create("syzkaller", 0) = 3 [pid 7229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7229] munmap(0x7f5464ee2000, 524288) = 0 [pid 7229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7229] close(3) = 0 [pid 7229] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7229] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7229] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7229] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7229] ioctl(4, LOOP_CLR_FD) = 0 [pid 7229] close(4) = 0 [pid 7229] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7228] <... futex resumed>) = 0 [pid 7228] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7229] <... futex resumed>) = 0 [pid 7228] <... futex resumed>) = 1 [pid 7229] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7228] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7229] <... mknodat resumed>) = 0 [pid 7228] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7229] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7229] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7228] <... mprotect resumed>) = 0 [pid 7228] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7230 attached , parent_tid=[7230], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7230 [pid 7230] set_robust_list(0x7f5464f619e0, 24 [pid 7228] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... set_robust_list resumed>) = 0 [pid 7228] <... futex resumed>) = 0 [pid 7230] mkdir(".", 0777 [pid 7228] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7230] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7230] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7230] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7230] chdir(".") = 0 [pid 7230] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7228] <... futex resumed>) = 0 [pid 7230] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7228] exit_group(0 [pid 7229] <... futex resumed>) = ? [pid 7228] <... exit_group resumed>) = ? [pid 7229] +++ exited with 0 +++ [pid 7230] <... futex resumed>) = ? [pid 7230] +++ exited with 0 +++ [pid 7228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7228, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./740", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./740/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./740/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./740/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./740/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./740/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 154.908311][ T7229] loop0: detected capacity change from 0 to 1024 umount2("./740/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./740/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./740/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./740") = 0 mkdir("./741", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7231 ./strace-static-x86_64: Process 7231 attached [pid 7231] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7231] chdir("./741") = 0 [pid 7231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7231] setpgid(0, 0) = 0 [pid 7231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7231] write(3, "1000", 4) = 4 [pid 7231] close(3) = 0 [pid 7231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7231] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7231] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7231] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7232], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7232 [pid 7231] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7231] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7232 attached [pid 7232] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7232] memfd_create("syzkaller", 0) = 3 [pid 7232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7232] munmap(0x7f5464ee2000, 524288) = 0 [pid 7232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7232] close(3) = 0 [pid 7232] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7232] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7232] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7232] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7232] ioctl(4, LOOP_CLR_FD) = 0 [pid 7232] close(4) = 0 [pid 7232] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7231] <... futex resumed>) = 0 [pid 7231] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7231] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7232] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7231] <... futex resumed>) = 0 [pid 7231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7232] <... mknodat resumed>) = 0 [pid 7231] <... mmap resumed>) = 0x7f5464f41000 [pid 7232] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7232] <... futex resumed>) = 0 [pid 7231] <... mprotect resumed>) = 0 [pid 7232] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7231] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7233 attached , parent_tid=[7233], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7233 [pid 7233] set_robust_list(0x7f5464f619e0, 24 [pid 7231] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] <... set_robust_list resumed>) = 0 [pid 7231] <... futex resumed>) = 0 [pid 7233] mkdir(".", 0777 [pid 7231] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7233] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7233] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7233] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7233] chdir(".") = 0 [pid 7233] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7231] <... futex resumed>) = 0 [pid 7233] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7231] exit_group(0 [pid 7233] <... futex resumed>) = ? [pid 7232] <... futex resumed>) = ? [pid 7231] <... exit_group resumed>) = ? [pid 7233] +++ exited with 0 +++ [pid 7232] +++ exited with 0 +++ [pid 7231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7231, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./741", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 155.027870][ T7232] loop0: detected capacity change from 0 to 1024 umount2("./741/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./741/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./741/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./741/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./741/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./741/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./741/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./741/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./741") = 0 mkdir("./742", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7234 ./strace-static-x86_64: Process 7234 attached [pid 7234] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7234] chdir("./742") = 0 [pid 7234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7234] setpgid(0, 0) = 0 [pid 7234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7234] write(3, "1000", 4) = 4 [pid 7234] close(3) = 0 [pid 7234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7234] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7234] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7234] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7235 attached , parent_tid=[7235], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7235 [pid 7234] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7235] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7235] memfd_create("syzkaller", 0) = 3 [pid 7235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7235] munmap(0x7f5464ee2000, 524288) = 0 [pid 7235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7235] close(3) = 0 [pid 7235] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7235] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7235] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7235] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7235] ioctl(4, LOOP_CLR_FD) = 0 [pid 7235] close(4) = 0 [pid 7235] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7234] <... futex resumed>) = 0 [pid 7234] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7234] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7234] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7236 attached [pid 7236] set_robust_list(0x7f5464f619e0, 24 [pid 7234] <... clone resumed>, parent_tid=[7236], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7236 [pid 7236] <... set_robust_list resumed>) = 0 [pid 7236] mkdir(".", 0777 [pid 7234] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7236] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7236] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7234] <... futex resumed>) = 0 [pid 7234] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7236] <... mount resumed>) = 0 [pid 7236] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7236] chdir(".") = 0 [pid 7236] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7234] <... futex resumed>) = 0 [pid 7236] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7235] <... futex resumed>) = 1 [pid 7235] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7235] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7235] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7234] exit_group(0 [pid 7236] <... futex resumed>) = ? [pid 7235] <... futex resumed>) = ? [pid 7234] <... exit_group resumed>) = ? [pid 7236] +++ exited with 0 +++ [pid 7235] +++ exited with 0 +++ [pid 7234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7234, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./742", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./742/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 155.141870][ T7235] loop0: detected capacity change from 0 to 1024 umount2("./742/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./742/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./742/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./742/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./742/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./742/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./742/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./742") = 0 mkdir("./743", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7237 attached , child_tidptr=0x5555561b25d0) = 7237 [pid 7237] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7237] chdir("./743") = 0 [pid 7237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7237] setpgid(0, 0) = 0 [pid 7237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7237] write(3, "1000", 4) = 4 [pid 7237] close(3) = 0 [pid 7237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7237] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7237] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7237] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7238], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7238 [pid 7237] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7238 attached [pid 7238] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7238] memfd_create("syzkaller", 0) = 3 [pid 7238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7238] munmap(0x7f5464ee2000, 524288) = 0 [pid 7238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7238] close(3) = 0 [pid 7238] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7238] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7238] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7238] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7238] ioctl(4, LOOP_CLR_FD) = 0 [pid 7238] close(4) = 0 [pid 7238] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7238] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7238] <... futex resumed>) = 0 [pid 7238] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7237] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7237] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7237] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7239 attached , parent_tid=[7239], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7239 [pid 7239] set_robust_list(0x7f5464f619e0, 24 [pid 7237] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7239] <... set_robust_list resumed>) = 0 [pid 7237] <... futex resumed>) = 0 [pid 7239] mkdir(".", 0777 [pid 7237] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7239] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7239] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7238] <... mknodat resumed>) = 0 [pid 7238] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7239] <... mount resumed>) = 0 [pid 7238] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7239] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7239] chdir(".") = 0 [pid 7239] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7237] <... futex resumed>) = 0 [pid 7237] exit_group(0 [pid 7238] <... futex resumed>) = ? [pid 7237] <... exit_group resumed>) = ? [pid 7238] +++ exited with 0 +++ [pid 7239] +++ exited with 0 +++ [pid 7237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./743", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./743/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 155.249511][ T7238] loop0: detected capacity change from 0 to 1024 umount2("./743/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./743/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./743/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./743/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./743/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./743/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./743/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./743") = 0 mkdir("./744", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7240 ./strace-static-x86_64: Process 7240 attached [pid 7240] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7240] chdir("./744") = 0 [pid 7240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7240] setpgid(0, 0) = 0 [pid 7240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7240] write(3, "1000", 4) = 4 [pid 7240] close(3) = 0 [pid 7240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7240] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7240] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7240] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7241], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7241 ./strace-static-x86_64: Process 7241 attached [pid 7241] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7241] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7240] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7240] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7241] memfd_create("syzkaller", 0) = 3 [pid 7241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7241] munmap(0x7f5464ee2000, 524288) = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7241] close(3) = 0 [pid 7241] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7241] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7241] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7241] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7241] ioctl(4, LOOP_CLR_FD) = 0 [pid 7241] close(4) = 0 [pid 7241] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7240] <... futex resumed>) = 0 [pid 7240] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7240] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7240] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7240] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7242], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7242 [pid 7240] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7240] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7241] <... futex resumed>) = 1 [pid 7241] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7241] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7241] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7242 attached [pid 7242] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7242] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7242] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7242] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7242] chdir(".") = 0 [pid 7242] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7240] <... futex resumed>) = 0 [pid 7240] exit_group(0) = ? [pid 7241] <... futex resumed>) = ? [pid 7242] +++ exited with 0 +++ [pid 7241] +++ exited with 0 +++ [pid 7240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7240, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./744", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./744/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./744/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./744/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./744/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 155.353903][ T7241] loop0: detected capacity change from 0 to 1024 rmdir("./744/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./744/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./744/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./744/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./744") = 0 mkdir("./745", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7243 ./strace-static-x86_64: Process 7243 attached [pid 7243] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7243] chdir("./745") = 0 [pid 7243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7243] setpgid(0, 0) = 0 [pid 7243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7243] write(3, "1000", 4) = 4 [pid 7243] close(3) = 0 [pid 7243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7243] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7243] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7243] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7244], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7244 [pid 7243] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7244 attached [pid 7244] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7244] memfd_create("syzkaller", 0) = 3 [pid 7244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7244] munmap(0x7f5464ee2000, 524288) = 0 [pid 7244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7244] close(3) = 0 [pid 7244] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7244] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7244] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7244] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7244] ioctl(4, LOOP_CLR_FD) = 0 [pid 7244] close(4) = 0 [pid 7244] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7244] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7243] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7243] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7245], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7245 [pid 7243] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7245 attached [pid 7244] <... mknodat resumed>) = 0 [pid 7244] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7244] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7245] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7245] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7245] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7245] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7245] chdir(".") = 0 [pid 7245] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7245] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7243] exit_group(0) = ? [pid 7244] <... futex resumed>) = ? [pid 7244] +++ exited with 0 +++ [pid 7245] <... futex resumed>) = ? [pid 7245] +++ exited with 0 +++ [pid 7243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7243, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./745", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./745/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./745/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./745/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./745/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 155.460688][ T7244] loop0: detected capacity change from 0 to 1024 rmdir("./745/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./745/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./745/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./745/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./745") = 0 mkdir("./746", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7246 ./strace-static-x86_64: Process 7246 attached [pid 7246] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7246] chdir("./746") = 0 [pid 7246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7246] setpgid(0, 0) = 0 [pid 7246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7246] write(3, "1000", 4) = 4 [pid 7246] close(3) = 0 [pid 7246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7246] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7246] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7246] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7247], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7247 [pid 7246] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7246] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7247 attached [pid 7247] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7247] memfd_create("syzkaller", 0) = 3 [pid 7247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7247] munmap(0x7f5464ee2000, 524288) = 0 [pid 7247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7247] close(3) = 0 [pid 7247] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7247] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7247] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7247] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7247] ioctl(4, LOOP_CLR_FD) = 0 [pid 7247] close(4) = 0 [pid 7247] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7246] <... futex resumed>) = 0 [pid 7246] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7246] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7246] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7246] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7248], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7248 [pid 7247] <... futex resumed>) = 1 [pid 7246] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7247] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7246] <... futex resumed>) = 0 [pid 7246] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7247] <... mknodat resumed>) = 0 [pid 7247] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7247] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7248 attached [pid 7248] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7248] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7248] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7248] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7248] chdir(".") = 0 [pid 7248] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7246] <... futex resumed>) = 0 [pid 7248] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7246] exit_group(0 [pid 7248] <... futex resumed>) = ? [pid 7247] <... futex resumed>) = ? [pid 7246] <... exit_group resumed>) = ? [pid 7247] +++ exited with 0 +++ [pid 7248] +++ exited with 0 +++ [pid 7246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7246, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./746", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 155.551396][ T7247] loop0: detected capacity change from 0 to 1024 umount2("./746/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./746/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./746/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./746/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./746/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./746/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./746/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./746/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./746") = 0 mkdir("./747", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7249 ./strace-static-x86_64: Process 7249 attached [pid 7249] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7249] chdir("./747") = 0 [pid 7249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7249] setpgid(0, 0) = 0 [pid 7249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7249] write(3, "1000", 4) = 4 [pid 7249] close(3) = 0 [pid 7249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7249] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7249] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7249] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7250 attached , parent_tid=[7250], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7250 [pid 7249] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7250] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7250] memfd_create("syzkaller", 0) = 3 [pid 7250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7250] munmap(0x7f5464ee2000, 524288) = 0 [pid 7250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7250] close(3) = 0 [pid 7250] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7250] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7250] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7250] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7250] ioctl(4, LOOP_CLR_FD) = 0 [pid 7250] close(4) = 0 [pid 7250] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7249] <... futex resumed>) = 0 [pid 7249] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7249] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7249] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7251], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7251 [pid 7249] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7250] <... futex resumed>) = 1 [pid 7250] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7250] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7250] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7251 attached [pid 7251] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7251] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7251] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7251] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7251] chdir(".") = 0 [pid 7251] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7249] <... futex resumed>) = 0 [pid 7249] exit_group(0) = ? [pid 7250] <... futex resumed>) = ? [pid 7250] +++ exited with 0 +++ [pid 7251] +++ exited with 0 +++ [pid 7249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7249, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./747", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./747/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./747/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./747/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./747/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 155.662728][ T7250] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./747/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./747/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./747/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./747/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./747") = 0 mkdir("./748", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7252 ./strace-static-x86_64: Process 7252 attached [pid 7252] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7252] chdir("./748") = 0 [pid 7252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7252] setpgid(0, 0) = 0 [pid 7252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7252] write(3, "1000", 4) = 4 [pid 7252] close(3) = 0 [pid 7252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7252] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7252] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7252] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7253], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7253 [pid 7252] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7252] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7253 attached [pid 7253] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7253] memfd_create("syzkaller", 0) = 3 [pid 7253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7253] munmap(0x7f5464ee2000, 524288) = 0 [pid 7253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7253] close(3) = 0 [pid 7253] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7253] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7253] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7253] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7253] ioctl(4, LOOP_CLR_FD) = 0 [pid 7253] close(4) = 0 [pid 7253] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] <... futex resumed>) = 0 [pid 7252] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7252] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7252] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7252] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7254], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7254 [pid 7252] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7252] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7253] <... futex resumed>) = 1 [pid 7253] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7253] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7253] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7254 attached [pid 7254] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7254] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7254] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7254] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7254] chdir(".") = 0 [pid 7254] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7252] <... futex resumed>) = 0 [pid 7254] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7252] exit_group(0) = ? [pid 7253] <... futex resumed>) = ? [pid 7253] +++ exited with 0 +++ [pid 7254] <... futex resumed>) = ? [ 155.765172][ T7253] loop0: detected capacity change from 0 to 1024 [pid 7254] +++ exited with 0 +++ [pid 7252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7252, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./748", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./748/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./748/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./748/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./748/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./748/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./748/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./748/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./748/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./748") = 0 mkdir("./749", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7255 ./strace-static-x86_64: Process 7255 attached [pid 7255] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7255] chdir("./749") = 0 [pid 7255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7255] setpgid(0, 0) = 0 [pid 7255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7255] write(3, "1000", 4) = 4 [pid 7255] close(3) = 0 [pid 7255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7255] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7255] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7255] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7256], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7256 [pid 7255] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7255] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7256 attached [pid 7256] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7256] memfd_create("syzkaller", 0) = 3 [pid 7256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7256] munmap(0x7f5464ee2000, 524288) = 0 [pid 7256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7256] close(3) = 0 [pid 7256] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7256] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7256] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7256] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7256] ioctl(4, LOOP_CLR_FD) = 0 [pid 7256] close(4) = 0 [pid 7256] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7255] <... futex resumed>) = 0 [pid 7255] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7255] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7255] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7255] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7257], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7257 [pid 7255] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7255] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7257 attached [pid 7257] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7256] <... futex resumed>) = 0 [pid 7257] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7257] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7256] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7256] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7257] <... mount resumed>) = 0 [pid 7257] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7257] chdir(".") = 0 [ 155.894769][ T7256] loop0: detected capacity change from 0 to 1024 [pid 7257] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7255] <... futex resumed>) = 0 [pid 7257] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7255] exit_group(0 [pid 7257] <... futex resumed>) = ? [pid 7256] <... futex resumed>) = ? [pid 7255] <... exit_group resumed>) = ? [pid 7257] +++ exited with 0 +++ [pid 7256] +++ exited with 0 +++ [pid 7255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7255, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./749", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./749/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./749/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./749/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./749/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./749/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./749/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./749/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./749/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./749") = 0 mkdir("./750", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7258 ./strace-static-x86_64: Process 7258 attached [pid 7258] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7258] chdir("./750") = 0 [pid 7258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7258] setpgid(0, 0) = 0 [pid 7258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7258] write(3, "1000", 4) = 4 [pid 7258] close(3) = 0 [pid 7258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7258] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7258] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7258] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7259], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7259 [pid 7258] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7259 attached [pid 7259] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7259] memfd_create("syzkaller", 0) = 3 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7259] munmap(0x7f5464ee2000, 524288) = 0 [pid 7259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7259] close(3) = 0 [pid 7259] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7259] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7259] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7259] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7259] ioctl(4, LOOP_CLR_FD) = 0 [pid 7259] close(4) = 0 [pid 7259] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7258] <... futex resumed>) = 0 [pid 7258] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7258] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7258] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7260], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7260 [pid 7258] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7259] <... futex resumed>) = 1 [pid 7259] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7260 attached [pid 7260] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7260] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7260] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7259] <... mknodat resumed>) = 0 [pid 7259] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7260] <... mount resumed>) = 0 [pid 7260] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7260] chdir(".") = 0 [pid 7260] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7258] <... futex resumed>) = 0 [pid 7258] exit_group(0 [pid 7259] <... futex resumed>) = ? [pid 7258] <... exit_group resumed>) = ? [pid 7259] +++ exited with 0 +++ [pid 7260] <... futex resumed>) = ? [pid 7260] +++ exited with 0 +++ [pid 7258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7258, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./750", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./750/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./750/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./750/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./750/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./750/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./750/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./750/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./750/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./750") = 0 mkdir("./751", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 156.007467][ T7259] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7261 ./strace-static-x86_64: Process 7261 attached [pid 7261] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7261] chdir("./751") = 0 [pid 7261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7261] setpgid(0, 0) = 0 [pid 7261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7261] write(3, "1000", 4) = 4 [pid 7261] close(3) = 0 [pid 7261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7261] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7261] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7261] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7262], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7262 [pid 7261] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7261] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7262 attached [pid 7262] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7262] memfd_create("syzkaller", 0) = 3 [pid 7262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7262] munmap(0x7f5464ee2000, 524288) = 0 [pid 7262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7262] close(3) = 0 [pid 7262] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7262] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7262] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7262] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7262] ioctl(4, LOOP_CLR_FD) = 0 [pid 7262] close(4) = 0 [pid 7262] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7262] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7261] <... futex resumed>) = 0 [pid 7261] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7261] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7261] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7261] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7263], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7263 [pid 7261] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7261] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7262] <... futex resumed>) = 0 [pid 7262] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7262] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7262] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7263 attached [pid 7263] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7263] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7263] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7263] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7263] chdir(".") = 0 [pid 7263] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7261] <... futex resumed>) = 0 [pid 7261] exit_group(0) = ? [pid 7262] <... futex resumed>) = ? [pid 7262] +++ exited with 0 +++ [pid 7263] <... futex resumed>) = ? [pid 7263] +++ exited with 0 +++ [pid 7261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7261, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./751", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 156.114599][ T7262] loop0: detected capacity change from 0 to 1024 umount2("./751/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./751/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./751/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./751/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./751/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./751/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./751/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./751/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./751") = 0 mkdir("./752", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7264 ./strace-static-x86_64: Process 7264 attached [pid 7264] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7264] chdir("./752") = 0 [pid 7264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7264] setpgid(0, 0) = 0 [pid 7264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7264] write(3, "1000", 4) = 4 [pid 7264] close(3) = 0 [pid 7264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7264] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7264] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7264] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7265], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7265 [pid 7264] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7265 attached [pid 7265] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7265] memfd_create("syzkaller", 0) = 3 [pid 7265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7265] munmap(0x7f5464ee2000, 524288) = 0 [pid 7265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7265] close(3) = 0 [pid 7265] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7265] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7265] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7265] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7265] ioctl(4, LOOP_CLR_FD) = 0 [pid 7265] close(4) = 0 [pid 7265] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] <... futex resumed>) = 0 [pid 7264] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7264] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7264] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7266], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7266 [pid 7264] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7265] <... futex resumed>) = 1 [pid 7265] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7266 attached [pid 7266] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7266] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7266] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7265] <... mknodat resumed>) = 0 [pid 7265] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7265] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7266] <... mount resumed>) = 0 [pid 7266] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7266] chdir(".") = 0 [pid 7266] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7264] <... futex resumed>) = 0 [pid 7264] exit_group(0) = ? [pid 7265] <... futex resumed>) = ? [pid 7265] +++ exited with 0 +++ [pid 7266] +++ exited with 0 +++ [pid 7264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7264, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./752", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./752/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./752/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./752/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./752/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./752/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./752/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./752/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./752/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./752") = 0 mkdir("./753", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 156.207715][ T7265] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7267 ./strace-static-x86_64: Process 7267 attached [pid 7267] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7267] chdir("./753") = 0 [pid 7267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7267] setpgid(0, 0) = 0 [pid 7267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7267] write(3, "1000", 4) = 4 [pid 7267] close(3) = 0 [pid 7267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7267] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7267] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7267] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7268], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7268 [pid 7267] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7268 attached [pid 7268] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7268] memfd_create("syzkaller", 0) = 3 [pid 7268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7268] munmap(0x7f5464ee2000, 524288) = 0 [pid 7268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7268] close(3) = 0 [pid 7268] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7268] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7268] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7268] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7268] ioctl(4, LOOP_CLR_FD) = 0 [pid 7268] close(4) = 0 [pid 7268] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7267] <... futex resumed>) = 0 [pid 7267] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7267] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7267] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7269], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7269 [pid 7267] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7268] <... futex resumed>) = 1 [pid 7268] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7269 attached [pid 7269] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7269] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7269] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7268] <... mknodat resumed>) = 0 [pid 7268] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7268] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7269] <... mount resumed>) = 0 [pid 7269] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7269] chdir(".") = 0 [pid 7269] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7267] <... futex resumed>) = 0 [pid 7267] exit_group(0) = ? [pid 7268] <... futex resumed>) = ? [pid 7268] +++ exited with 0 +++ [pid 7269] <... futex resumed>) = ? [pid 7269] +++ exited with 0 +++ [pid 7267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7267, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./753", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./753/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 156.309410][ T7268] loop0: detected capacity change from 0 to 1024 umount2("./753/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./753/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./753/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./753/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./753/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./753/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./753/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./753") = 0 mkdir("./754", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7270 ./strace-static-x86_64: Process 7270 attached [pid 7270] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7270] chdir("./754") = 0 [pid 7270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7270] setpgid(0, 0) = 0 [pid 7270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7270] write(3, "1000", 4) = 4 [pid 7270] close(3) = 0 [pid 7270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7270] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7270] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7270] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7271 attached , parent_tid=[7271], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7271 [pid 7271] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7271] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7270] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7271] <... futex resumed>) = 0 [pid 7271] memfd_create("syzkaller", 0 [pid 7270] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7271] <... memfd_create resumed>) = 3 [pid 7271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7271] munmap(0x7f5464ee2000, 524288) = 0 [pid 7271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7271] close(3) = 0 [pid 7271] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7271] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7271] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7271] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7271] ioctl(4, LOOP_CLR_FD) = 0 [pid 7271] close(4) = 0 [pid 7271] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7270] <... futex resumed>) = 0 [pid 7270] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7270] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7271] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7270] <... mmap resumed>) = 0x7f5464f41000 [pid 7270] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7270] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7272], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7272 [pid 7270] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7270] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7272 attached [pid 7272] set_robust_list(0x7f5464f619e0, 24 [pid 7271] <... mknodat resumed>) = 0 [pid 7271] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7271] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7272] <... set_robust_list resumed>) = 0 [pid 7272] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7272] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7272] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7272] chdir(".") = 0 [pid 7272] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] <... futex resumed>) = 0 [pid 7270] exit_group(0) = ? [pid 7271] <... futex resumed>) = ? [pid 7271] +++ exited with 0 +++ [pid 7272] <... futex resumed>) = ? [pid 7272] +++ exited with 0 +++ [pid 7270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7270, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./754", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./754/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./754/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./754/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./754/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 156.419016][ T7271] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./754/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./754/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./754/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./754/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./754") = 0 mkdir("./755", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7273 ./strace-static-x86_64: Process 7273 attached [pid 7273] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7273] chdir("./755") = 0 [pid 7273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7273] setpgid(0, 0) = 0 [pid 7273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7273] write(3, "1000", 4) = 4 [pid 7273] close(3) = 0 [pid 7273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7273] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7273] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7273] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7274 attached , parent_tid=[7274], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7274 [pid 7273] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7273] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7274] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7274] memfd_create("syzkaller", 0) = 3 [pid 7274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7274] munmap(0x7f5464ee2000, 524288) = 0 [pid 7274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7274] close(3) = 0 [pid 7274] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7274] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7274] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7274] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7274] ioctl(4, LOOP_CLR_FD) = 0 [pid 7274] close(4) = 0 [pid 7274] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7273] <... futex resumed>) = 0 [pid 7273] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7273] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7273] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7273] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7275 attached , parent_tid=[7275], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7275 [pid 7273] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7273] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7274] <... futex resumed>) = 1 [pid 7274] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7275] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7275] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7275] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7274] <... mknodat resumed>) = 0 [pid 7274] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7274] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7275] <... mount resumed>) = 0 [pid 7275] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7275] chdir(".") = 0 [pid 7275] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7273] <... futex resumed>) = 0 [pid 7273] exit_group(0) = ? [pid 7275] +++ exited with 0 +++ [pid 7274] <... futex resumed>) = ? [pid 7274] +++ exited with 0 +++ [pid 7273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7273, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./755", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./755/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 156.528746][ T7274] loop0: detected capacity change from 0 to 1024 umount2("./755/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./755/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./755/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./755/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./755/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./755/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./755/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./755") = 0 mkdir("./756", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7276 ./strace-static-x86_64: Process 7276 attached [pid 7276] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7276] chdir("./756") = 0 [pid 7276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7276] setpgid(0, 0) = 0 [pid 7276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7276] write(3, "1000", 4) = 4 [pid 7276] close(3) = 0 [pid 7276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7276] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7276] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7276] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7277], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7277 [pid 7276] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7276] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7277 attached [pid 7277] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7277] memfd_create("syzkaller", 0) = 3 [pid 7277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7277] munmap(0x7f5464ee2000, 524288) = 0 [pid 7277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7277] close(3) = 0 [pid 7277] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7277] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7277] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7277] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7277] ioctl(4, LOOP_CLR_FD) = 0 [pid 7277] close(4) = 0 [pid 7277] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7276] <... futex resumed>) = 0 [pid 7276] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7276] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7277] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7276] <... mmap resumed>) = 0x7f5464f41000 [pid 7276] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7276] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7278], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7278 [pid 7276] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7276] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7277] <... mknodat resumed>) = 0 [pid 7277] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7277] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7278 attached [pid 7278] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7278] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7278] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7278] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7278] chdir(".") = 0 [pid 7278] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7276] <... futex resumed>) = 0 [pid 7276] exit_group(0) = ? [pid 7278] <... futex resumed>) = ? [pid 7278] +++ exited with 0 +++ [pid 7277] <... futex resumed>) = ? [pid 7277] +++ exited with 0 +++ [pid 7276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7276, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./756", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./756/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./756/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./756/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 156.634020][ T7277] loop0: detected capacity change from 0 to 1024 umount2("./756/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./756/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./756/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./756/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./756/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./756") = 0 mkdir("./757", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7279 ./strace-static-x86_64: Process 7279 attached [pid 7279] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7279] chdir("./757") = 0 [pid 7279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7279] setpgid(0, 0) = 0 [pid 7279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7279] write(3, "1000", 4) = 4 [pid 7279] close(3) = 0 [pid 7279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7279] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7279] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7279] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7280], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7280 ./strace-static-x86_64: Process 7280 attached [pid 7279] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7279] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7280] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7280] memfd_create("syzkaller", 0) = 3 [pid 7280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7280] munmap(0x7f5464ee2000, 524288) = 0 [pid 7280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7280] close(3) = 0 [pid 7280] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7280] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7280] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7280] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7280] ioctl(4, LOOP_CLR_FD) = 0 [pid 7280] close(4) = 0 [pid 7280] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7279] <... futex resumed>) = 0 [pid 7279] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7279] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7280] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7279] <... mmap resumed>) = 0x7f5464f41000 [pid 7279] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7279] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7281], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7281 [pid 7279] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7279] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7280] <... mknodat resumed>) = 0 [pid 7280] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7280] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7281 attached [pid 7281] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7281] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7281] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7281] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7281] chdir(".") = 0 [pid 7281] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7281] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7279] <... futex resumed>) = 0 [pid 7279] exit_group(0) = ? [pid 7280] <... futex resumed>) = ? [pid 7280] +++ exited with 0 +++ [pid 7281] <... futex resumed>) = ? [pid 7281] +++ exited with 0 +++ [pid 7279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7279, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./757", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./757/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./757/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./757/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./757/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 156.734331][ T7280] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./757/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./757/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./757/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./757/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./757") = 0 mkdir("./758", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7282 attached [pid 7282] set_robust_list(0x5555561b25e0, 24 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7282 [pid 7282] <... set_robust_list resumed>) = 0 [pid 7282] chdir("./758") = 0 [pid 7282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7282] setpgid(0, 0) = 0 [pid 7282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7282] write(3, "1000", 4) = 4 [pid 7282] close(3) = 0 [pid 7282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7282] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7282] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7282] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7283], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7283 [pid 7282] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7283 attached [pid 7283] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7283] memfd_create("syzkaller", 0) = 3 [pid 7283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7283] munmap(0x7f5464ee2000, 524288) = 0 [pid 7283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7283] close(3) = 0 [pid 7283] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7283] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7283] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7283] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7283] ioctl(4, LOOP_CLR_FD) = 0 [pid 7283] close(4) = 0 [pid 7283] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7282] <... futex resumed>) = 0 [pid 7282] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7282] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7282] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7284], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7284 [pid 7282] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7283] <... futex resumed>) = 1 [pid 7283] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7283] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7283] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7284 attached [pid 7284] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7284] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7284] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7284] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7284] chdir(".") = 0 [pid 7284] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7282] <... futex resumed>) = 0 [pid 7282] exit_group(0) = ? [pid 7283] <... futex resumed>) = ? [pid 7283] +++ exited with 0 +++ [pid 7284] +++ exited with 0 +++ [pid 7282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7282, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./758", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./758/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./758/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./758/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./758/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 156.831559][ T7283] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./758/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./758/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./758/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./758/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./758") = 0 mkdir("./759", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7285 ./strace-static-x86_64: Process 7285 attached [pid 7285] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7285] chdir("./759") = 0 [pid 7285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7285] setpgid(0, 0) = 0 [pid 7285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7285] write(3, "1000", 4) = 4 [pid 7285] close(3) = 0 [pid 7285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7285] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7285] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7285] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7286 attached , parent_tid=[7286], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7286 [pid 7286] set_robust_list(0x7f546d3029e0, 24 [pid 7285] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7286] <... set_robust_list resumed>) = 0 [pid 7285] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7286] memfd_create("syzkaller", 0) = 3 [pid 7286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7286] munmap(0x7f5464ee2000, 524288) = 0 [pid 7286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7286] close(3) = 0 [pid 7286] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7286] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7286] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7286] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7286] ioctl(4, LOOP_CLR_FD) = 0 [pid 7286] close(4) = 0 [pid 7286] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... futex resumed>) = 0 [pid 7285] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7285] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7285] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7287], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7287 [pid 7285] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7286] <... futex resumed>) = 1 [pid 7286] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7287 attached [pid 7287] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7287] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7287] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7286] <... mknodat resumed>) = 0 [pid 7286] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7286] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7287] <... mount resumed>) = 0 [pid 7287] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7287] chdir(".") = 0 [pid 7287] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7285] <... futex resumed>) = 0 [pid 7287] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7285] exit_group(0) = ? [pid 7286] <... futex resumed>) = ? [pid 7286] +++ exited with 0 +++ [pid 7287] <... futex resumed>) = ? [pid 7287] +++ exited with 0 +++ [pid 7285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7285, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./759", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./759/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./759/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./759/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 156.928198][ T7286] loop0: detected capacity change from 0 to 1024 umount2("./759/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./759/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./759/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./759/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./759/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./759") = 0 mkdir("./760", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7288 ./strace-static-x86_64: Process 7288 attached [pid 7288] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7288] chdir("./760") = 0 [pid 7288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7288] setpgid(0, 0) = 0 [pid 7288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7288] write(3, "1000", 4) = 4 [pid 7288] close(3) = 0 [pid 7288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7288] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7288] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7288] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7289 attached , parent_tid=[7289], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7289 [pid 7289] set_robust_list(0x7f546d3029e0, 24 [pid 7288] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] <... set_robust_list resumed>) = 0 [pid 7288] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7289] memfd_create("syzkaller", 0) = 3 [pid 7289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7289] munmap(0x7f5464ee2000, 524288) = 0 [pid 7289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7289] close(3) = 0 [pid 7289] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7289] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7289] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7289] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7289] ioctl(4, LOOP_CLR_FD) = 0 [pid 7289] close(4) = 0 [pid 7289] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7288] <... futex resumed>) = 0 [pid 7288] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7288] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7289] <... futex resumed>) = 0 [pid 7289] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7288] <... mmap resumed>) = 0x7f5464f41000 [pid 7288] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7288] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7290], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7290 [pid 7288] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7288] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7290 attached [pid 7290] set_robust_list(0x7f5464f619e0, 24 [pid 7289] <... mknodat resumed>) = 0 [pid 7290] <... set_robust_list resumed>) = 0 [pid 7289] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7290] mkdir(".", 0777 [pid 7289] <... futex resumed>) = 0 [pid 7289] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7290] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7290] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7290] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7290] chdir(".") = 0 [pid 7290] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7288] <... futex resumed>) = 0 [pid 7290] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7288] exit_group(0) = ? [pid 7290] <... futex resumed>) = ? [pid 7290] +++ exited with 0 +++ [pid 7289] <... futex resumed>) = ? [pid 7289] +++ exited with 0 +++ [pid 7288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7288, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./760", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./760/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./760/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./760/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./760/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./760/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./760/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./760/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./760/binderfs") = 0 [ 157.029871][ T7289] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./760") = 0 mkdir("./761", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7291 ./strace-static-x86_64: Process 7291 attached [pid 7291] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7291] chdir("./761") = 0 [pid 7291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7291] setpgid(0, 0) = 0 [pid 7291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7291] write(3, "1000", 4) = 4 [pid 7291] close(3) = 0 [pid 7291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7291] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7291] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7291] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7292 attached , parent_tid=[7292], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7292 [pid 7291] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7292] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7292] memfd_create("syzkaller", 0) = 3 [pid 7292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7292] munmap(0x7f5464ee2000, 524288) = 0 [pid 7292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7292] close(3) = 0 [pid 7292] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7292] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7292] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7292] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7292] ioctl(4, LOOP_CLR_FD) = 0 [pid 7292] close(4) = 0 [pid 7292] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7291] <... futex resumed>) = 0 [pid 7291] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7291] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7291] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7293], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7293 [pid 7291] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7292] <... futex resumed>) = 1 [pid 7292] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7293 attached [pid 7293] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7293] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7292] <... mknodat resumed>) = 0 [pid 7293] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7292] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7292] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7293] <... mount resumed>) = 0 [pid 7293] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7293] chdir(".") = 0 [pid 7293] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7291] <... futex resumed>) = 0 [pid 7291] exit_group(0 [pid 7292] <... futex resumed>) = ? [pid 7291] <... exit_group resumed>) = ? [pid 7293] +++ exited with 0 +++ [pid 7292] +++ exited with 0 +++ [pid 7291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7291, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./761", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./761/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./761/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./761/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./761/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./761/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./761/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./761/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./761/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./761") = 0 mkdir("./762", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7294 attached , child_tidptr=0x5555561b25d0) = 7294 [pid 7294] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7294] chdir("./762") = 0 [pid 7294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7294] setpgid(0, 0) = 0 [ 157.134121][ T7292] loop0: detected capacity change from 0 to 1024 [pid 7294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7294] write(3, "1000", 4) = 4 [pid 7294] close(3) = 0 [pid 7294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7294] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7294] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7294] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7295], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7295 [pid 7294] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7295 attached ) = 0 [pid 7295] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7294] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7295] memfd_create("syzkaller", 0) = 3 [pid 7295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7295] munmap(0x7f5464ee2000, 524288) = 0 [pid 7295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7295] close(3) = 0 [pid 7295] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7295] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7295] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7295] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7295] ioctl(4, LOOP_CLR_FD) = 0 [pid 7295] close(4) = 0 [pid 7295] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7294] <... futex resumed>) = 0 [pid 7294] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7294] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7295] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7294] <... futex resumed>) = 0 [pid 7294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7294] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7294] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7296 attached , parent_tid=[7296], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7296 [pid 7296] set_robust_list(0x7f5464f619e0, 24 [pid 7294] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7296] <... set_robust_list resumed>) = 0 [pid 7294] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7296] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7296] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7295] <... mknodat resumed>) = 0 [pid 7295] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7295] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7296] <... mount resumed>) = 0 [pid 7296] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7296] chdir(".") = 0 [pid 7296] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7296] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7294] exit_group(0) = ? [pid 7295] <... futex resumed>) = ? [pid 7295] +++ exited with 0 +++ [pid 7296] <... futex resumed>) = ? [pid 7296] +++ exited with 0 +++ [pid 7294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7294, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./762", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 157.231002][ T7295] loop0: detected capacity change from 0 to 1024 umount2("./762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./762/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./762/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./762/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./762/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./762") = 0 mkdir("./763", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7297 attached [pid 7297] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7297] chdir("./763") = 0 [pid 7297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7297 [pid 7297] setpgid(0, 0) = 0 [pid 7297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7297] write(3, "1000", 4) = 4 [pid 7297] close(3) = 0 [pid 7297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7297] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7297] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7297] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7298 attached , parent_tid=[7298], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7298 [pid 7298] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7297] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7298] memfd_create("syzkaller", 0) = 3 [pid 7298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7298] munmap(0x7f5464ee2000, 524288) = 0 [pid 7298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7298] close(3) = 0 [pid 7298] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7298] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7298] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7298] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7298] ioctl(4, LOOP_CLR_FD) = 0 [pid 7298] close(4) = 0 [pid 7298] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7297] <... futex resumed>) = 0 [pid 7297] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7297] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7297] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7299], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7299 [pid 7297] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7298] <... futex resumed>) = 1 [pid 7298] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7298] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7298] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7299 attached [pid 7299] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7299] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7299] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7299] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7299] chdir(".") = 0 [pid 7299] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7297] <... futex resumed>) = 0 [pid 7297] exit_group(0) = ? [pid 7298] <... futex resumed>) = ? [pid 7298] +++ exited with 0 +++ [pid 7299] +++ exited with 0 +++ [pid 7297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7297, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./763", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./763/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./763/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./763/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 157.335690][ T7298] loop0: detected capacity change from 0 to 1024 umount2("./763/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./763/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./763/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./763/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./763/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./763") = 0 mkdir("./764", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7300 ./strace-static-x86_64: Process 7300 attached [pid 7300] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7300] chdir("./764") = 0 [pid 7300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7300] setpgid(0, 0) = 0 [pid 7300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7300] write(3, "1000", 4) = 4 [pid 7300] close(3) = 0 [pid 7300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7300] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7300] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7300] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7301 attached [pid 7301] set_robust_list(0x7f546d3029e0, 24 [pid 7300] <... clone resumed>, parent_tid=[7301], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7301 [pid 7301] <... set_robust_list resumed>) = 0 [pid 7300] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7300] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7301] memfd_create("syzkaller", 0) = 3 [pid 7301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7301] munmap(0x7f5464ee2000, 524288) = 0 [pid 7301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7301] close(3) = 0 [pid 7301] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7301] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7301] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7301] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7301] ioctl(4, LOOP_CLR_FD) = 0 [pid 7301] close(4) = 0 [pid 7301] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7300] <... futex resumed>) = 0 [pid 7301] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7300] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7300] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7300] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7300] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7302], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7302 [pid 7300] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7301] <... mknodat resumed>) = 0 [pid 7300] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7301] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7301] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7302 attached [pid 7302] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7302] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7302] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7302] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7302] chdir(".") = 0 [pid 7302] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] <... futex resumed>) = 0 [pid 7302] <... futex resumed>) = 1 [pid 7300] exit_group(0 [pid 7302] ???() = ? [pid 7301] <... futex resumed>) = ? [pid 7300] <... exit_group resumed>) = ? [pid 7302] +++ exited with 0 +++ [pid 7301] +++ exited with 0 +++ [pid 7300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7300, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./764", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 157.444153][ T7301] loop0: detected capacity change from 0 to 1024 umount2("./764/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./764/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./764/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./764/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./764/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./764/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./764/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./764/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./764") = 0 mkdir("./765", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7303 ./strace-static-x86_64: Process 7303 attached [pid 7303] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7303] chdir("./765") = 0 [pid 7303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7303] setpgid(0, 0) = 0 [pid 7303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7303] write(3, "1000", 4) = 4 [pid 7303] close(3) = 0 [pid 7303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7303] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7303] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7303] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7304], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7304 [pid 7303] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7304 attached [pid 7304] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7304] memfd_create("syzkaller", 0) = 3 [pid 7304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7304] munmap(0x7f5464ee2000, 524288) = 0 [pid 7304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7304] close(3) = 0 [pid 7304] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7304] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7304] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7304] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7304] ioctl(4, LOOP_CLR_FD) = 0 [pid 7304] close(4) = 0 [pid 7304] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7303] <... futex resumed>) = 0 [pid 7303] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7303] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7303] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7305], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7305 [pid 7303] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7304] <... futex resumed>) = 1 [pid 7304] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7305 attached [pid 7305] set_robust_list(0x7f5464f619e0, 24 [pid 7304] <... mknodat resumed>) = 0 [pid 7304] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7305] <... set_robust_list resumed>) = 0 [pid 7305] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7305] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7305] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7305] chdir(".") = 0 [pid 7305] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7303] <... futex resumed>) = 0 [pid 7303] exit_group(0) = ? [pid 7304] <... futex resumed>) = ? [pid 7304] +++ exited with 0 +++ [pid 7305] <... futex resumed>) = ? [pid 7305] +++ exited with 0 +++ [pid 7303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7303, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./765", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./765/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./765/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./765/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./765/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 157.555192][ T7304] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./765/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./765/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./765/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./765/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./765") = 0 mkdir("./766", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7306 ./strace-static-x86_64: Process 7306 attached [pid 7306] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7306] chdir("./766") = 0 [pid 7306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7306] setpgid(0, 0) = 0 [pid 7306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7306] write(3, "1000", 4) = 4 [pid 7306] close(3) = 0 [pid 7306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7306] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7306] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7306] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7307], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7307 [pid 7306] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7306] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7307 attached [pid 7307] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7307] memfd_create("syzkaller", 0) = 3 [pid 7307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7307] munmap(0x7f5464ee2000, 524288) = 0 [pid 7307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7307] close(3) = 0 [pid 7307] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7307] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7307] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7307] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7307] ioctl(4, LOOP_CLR_FD) = 0 [pid 7307] close(4) = 0 [pid 7307] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] <... futex resumed>) = 0 [pid 7306] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7306] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7306] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7306] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7308], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7308 [pid 7306] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7306] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7307] <... futex resumed>) = 1 [pid 7307] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7307] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7307] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7308 attached [pid 7308] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7308] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7308] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7308] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7308] chdir(".") = 0 [pid 7308] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7306] <... futex resumed>) = 0 [pid 7308] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] exit_group(0 [pid 7308] <... futex resumed>) = ? [pid 7306] <... exit_group resumed>) = ? [pid 7307] <... futex resumed>) = ? [pid 7307] +++ exited with 0 +++ [pid 7308] +++ exited with 0 +++ [pid 7306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7306, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./766", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 157.659534][ T7307] loop0: detected capacity change from 0 to 1024 umount2("./766/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./766/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./766/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./766/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./766/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./766/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./766/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./766/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./766") = 0 mkdir("./767", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7309 attached , child_tidptr=0x5555561b25d0) = 7309 [pid 7309] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7309] chdir("./767") = 0 [pid 7309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7309] setpgid(0, 0) = 0 [pid 7309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7309] write(3, "1000", 4) = 4 [pid 7309] close(3) = 0 [pid 7309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7309] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7309] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7309] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7310 attached , parent_tid=[7310], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7310 [pid 7309] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7310] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7310] memfd_create("syzkaller", 0) = 3 [pid 7310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7310] munmap(0x7f5464ee2000, 524288) = 0 [pid 7310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7310] close(3) = 0 [pid 7310] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7310] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7310] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7310] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7310] ioctl(4, LOOP_CLR_FD) = 0 [pid 7310] close(4) = 0 [pid 7310] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7309] <... futex resumed>) = 0 [pid 7309] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7310] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7309] <... futex resumed>) = 0 [pid 7309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7309] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7309] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7311], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7311 [pid 7309] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7310] <... mknodat resumed>) = 0 [pid 7310] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7311 attached [pid 7311] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7311] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7311] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7311] <... mount resumed>) = 0 [pid 7311] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7311] chdir(".") = 0 [pid 7311] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7309] <... futex resumed>) = 0 [pid 7311] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7309] exit_group(0 [pid 7310] <... futex resumed>) = ? [pid 7309] <... exit_group resumed>) = ? [pid 7311] <... futex resumed>) = ? [pid 7310] +++ exited with 0 +++ [pid 7311] +++ exited with 0 +++ [pid 7309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7309, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./767", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 157.766146][ T7310] loop0: detected capacity change from 0 to 1024 umount2("./767/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./767/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./767/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./767/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./767/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./767/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./767/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./767/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./767") = 0 mkdir("./768", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7312 ./strace-static-x86_64: Process 7312 attached [pid 7312] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7312] chdir("./768") = 0 [pid 7312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7312] setpgid(0, 0) = 0 [pid 7312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7312] write(3, "1000", 4) = 4 [pid 7312] close(3) = 0 [pid 7312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7312] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7312] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7312] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7313 attached , parent_tid=[7313], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7313 [pid 7313] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7313] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7312] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7313] memfd_create("syzkaller", 0) = 3 [pid 7313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7313] munmap(0x7f5464ee2000, 524288) = 0 [pid 7313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7313] close(3) = 0 [pid 7313] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7313] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7313] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7313] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7313] ioctl(4, LOOP_CLR_FD) = 0 [pid 7313] close(4) = 0 [pid 7313] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7313] <... futex resumed>) = 1 [pid 7312] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7313] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7312] <... mprotect resumed>) = 0 [pid 7312] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7314], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7314 [pid 7312] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7314 attached [pid 7314] set_robust_list(0x7f5464f619e0, 24 [pid 7313] <... mknodat resumed>) = 0 [pid 7314] <... set_robust_list resumed>) = 0 [pid 7314] mkdir(".", 0777 [pid 7313] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7314] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7313] <... futex resumed>) = 0 [pid 7313] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7314] <... mount resumed>) = 0 [pid 7314] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7314] chdir(".") = 0 [pid 7314] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7314] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7312] exit_group(0 [pid 7314] <... futex resumed>) = ? [pid 7312] <... exit_group resumed>) = ? [pid 7313] <... futex resumed>) = ? [pid 7314] +++ exited with 0 +++ [pid 7313] +++ exited with 0 +++ [pid 7312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7312, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./768", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 157.879281][ T7313] loop0: detected capacity change from 0 to 1024 umount2("./768/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./768/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./768/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./768/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./768/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./768/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./768/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./768/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./768") = 0 mkdir("./769", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7315 ./strace-static-x86_64: Process 7315 attached [pid 7315] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7315] chdir("./769") = 0 [pid 7315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7315] setpgid(0, 0) = 0 [pid 7315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7315] write(3, "1000", 4) = 4 [pid 7315] close(3) = 0 [pid 7315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7315] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7315] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7315] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7316 attached , parent_tid=[7316], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7316 [pid 7316] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7316] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7315] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7316] <... futex resumed>) = 0 [pid 7315] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7316] memfd_create("syzkaller", 0) = 3 [pid 7316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7316] munmap(0x7f5464ee2000, 524288) = 0 [pid 7316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7316] close(3) = 0 [pid 7316] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7316] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7316] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7316] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7316] ioctl(4, LOOP_CLR_FD) = 0 [pid 7316] close(4) = 0 [pid 7316] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7315] <... futex resumed>) = 0 [pid 7316] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7315] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7315] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7315] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7317 attached [pid 7317] set_robust_list(0x7f5464f619e0, 24 [pid 7315] <... clone resumed>, parent_tid=[7317], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7317 [pid 7315] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7317] <... set_robust_list resumed>) = 0 [pid 7315] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7317] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7317] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7316] <... mknodat resumed>) = 0 [pid 7316] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7316] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7317] <... mount resumed>) = 0 [pid 7317] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7317] chdir(".") = 0 [pid 7317] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7315] <... futex resumed>) = 0 [pid 7315] exit_group(0) = ? [pid 7316] <... futex resumed>) = ? [pid 7317] +++ exited with 0 +++ [pid 7316] +++ exited with 0 +++ [pid 7315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7315, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./769", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 157.997956][ T7316] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./769/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./769/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./769/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./769/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./769/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./769/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./769/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./769/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./769") = 0 mkdir("./770", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7318 ./strace-static-x86_64: Process 7318 attached [pid 7318] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7318] chdir("./770") = 0 [pid 7318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7318] setpgid(0, 0) = 0 [pid 7318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7318] write(3, "1000", 4) = 4 [pid 7318] close(3) = 0 [pid 7318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7318] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7318] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7318] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7319 attached , parent_tid=[7319], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7319 [pid 7319] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7319] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7318] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7319] <... futex resumed>) = 0 [pid 7318] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7319] memfd_create("syzkaller", 0) = 3 [pid 7319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7319] munmap(0x7f5464ee2000, 524288) = 0 [pid 7319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7319] close(3) = 0 [pid 7319] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7319] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7319] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7319] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7319] ioctl(4, LOOP_CLR_FD) = 0 [pid 7319] close(4) = 0 [pid 7319] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7318] <... futex resumed>) = 0 [pid 7318] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7318] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7318] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7318] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7320], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7320 [pid 7318] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7318] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7319] <... futex resumed>) = 1 [pid 7319] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7319] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7319] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7320 attached [pid 7320] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7320] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7320] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7320] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7320] chdir(".") = 0 [pid 7320] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7318] <... futex resumed>) = 0 [pid 7318] exit_group(0 [pid 7319] <... futex resumed>) = ? [pid 7318] <... exit_group resumed>) = ? [pid 7319] +++ exited with 0 +++ [pid 7320] <... futex resumed>) = ? [pid 7320] +++ exited with 0 +++ [pid 7318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7318, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./770", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./770/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./770/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./770/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./770/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./770/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./770/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 158.127615][ T7319] loop0: detected capacity change from 0 to 1024 lstat("./770/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./770/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./770") = 0 mkdir("./771", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7321 ./strace-static-x86_64: Process 7321 attached [pid 7321] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7321] chdir("./771") = 0 [pid 7321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7321] setpgid(0, 0) = 0 [pid 7321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7321] write(3, "1000", 4) = 4 [pid 7321] close(3) = 0 [pid 7321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7321] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7321] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7321] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7322], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7322 [pid 7321] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7321] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7322 attached [pid 7322] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7322] memfd_create("syzkaller", 0) = 3 [pid 7322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7322] munmap(0x7f5464ee2000, 524288) = 0 [pid 7322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7322] close(3) = 0 [pid 7322] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7322] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7322] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7322] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7322] ioctl(4, LOOP_CLR_FD) = 0 [pid 7322] close(4) = 0 [pid 7322] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7321] <... futex resumed>) = 0 [pid 7321] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7321] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7321] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7321] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7323], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7323 [pid 7321] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7323 attached [pid 7323] set_robust_list(0x7f5464f619e0, 24 [pid 7322] <... futex resumed>) = 1 [pid 7321] <... futex resumed>) = 0 [pid 7323] <... set_robust_list resumed>) = 0 [pid 7322] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7321] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7323] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7322] <... mknodat resumed>) = 0 [pid 7323] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7322] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7322] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7323] <... mount resumed>) = 0 [pid 7323] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7323] chdir(".") = 0 [pid 7323] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7321] <... futex resumed>) = 0 [pid 7323] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7321] exit_group(0 [pid 7323] <... futex resumed>) = ? [pid 7322] <... futex resumed>) = ? [pid 7321] <... exit_group resumed>) = ? [pid 7322] +++ exited with 0 +++ [pid 7323] +++ exited with 0 +++ [pid 7321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7321, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./771", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./771/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 158.235076][ T7322] loop0: detected capacity change from 0 to 1024 umount2("./771/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./771/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./771/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./771/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./771/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./771/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./771/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./771") = 0 mkdir("./772", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7324 ./strace-static-x86_64: Process 7324 attached [pid 7324] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7324] chdir("./772") = 0 [pid 7324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7324] setpgid(0, 0) = 0 [pid 7324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7324] write(3, "1000", 4) = 4 [pid 7324] close(3) = 0 [pid 7324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7324] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7324] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7324] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7325], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7325 [pid 7324] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7325 attached [pid 7325] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7325] memfd_create("syzkaller", 0) = 3 [pid 7325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7325] munmap(0x7f5464ee2000, 524288) = 0 [pid 7325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7325] close(3) = 0 [pid 7325] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7325] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7325] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7325] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7325] ioctl(4, LOOP_CLR_FD) = 0 [pid 7325] close(4) = 0 [pid 7325] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7324] <... futex resumed>) = 0 [pid 7325] <... futex resumed>) = 1 [pid 7325] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7324] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7324] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7324] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7326 attached , parent_tid=[7326], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7326 [pid 7326] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7326] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7324] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7326] <... futex resumed>) = 0 [pid 7324] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7326] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7326] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7325] <... mknodat resumed>) = 0 [pid 7325] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7326] <... mount resumed>) = 0 [pid 7325] <... futex resumed>) = 0 [pid 7326] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7326] chdir(".") = 0 [pid 7326] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7326] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7324] exit_group(0) = ? [pid 7326] <... futex resumed>) = ? [pid 7326] +++ exited with 0 +++ [pid 7325] +++ exited with 0 +++ [pid 7324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7324, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./772", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./772/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./772/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./772/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./772/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./772/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./772/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./772/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 158.343626][ T7325] loop0: detected capacity change from 0 to 1024 unlink("./772/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./772") = 0 mkdir("./773", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7327 attached [pid 7327] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7327] chdir("./773") = 0 [pid 7327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7327 [pid 7327] setpgid(0, 0) = 0 [pid 7327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7327] write(3, "1000", 4) = 4 [pid 7327] close(3) = 0 [pid 7327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7327] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7327] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7327] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7328], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7328 [pid 7327] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7327] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7328 attached [pid 7328] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7328] memfd_create("syzkaller", 0) = 3 [pid 7328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7328] munmap(0x7f5464ee2000, 524288) = 0 [pid 7328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7328] close(3) = 0 [pid 7328] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7328] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7328] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7328] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7328] ioctl(4, LOOP_CLR_FD) = 0 [pid 7328] close(4) = 0 [pid 7328] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7327] <... futex resumed>) = 0 [pid 7327] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7327] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7327] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7327] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7329], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7329 [pid 7327] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7327] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7328] <... futex resumed>) = 1 [pid 7328] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7329 attached [pid 7329] set_robust_list(0x7f5464f619e0, 24 [pid 7328] <... mknodat resumed>) = 0 [pid 7328] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7328] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7329] <... set_robust_list resumed>) = 0 [pid 7329] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7329] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7329] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7329] chdir(".") = 0 [pid 7329] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7327] <... futex resumed>) = 0 [pid 7329] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7327] exit_group(0 [pid 7329] <... futex resumed>) = ? [pid 7328] <... futex resumed>) = ? [pid 7327] <... exit_group resumed>) = ? [pid 7328] +++ exited with 0 +++ [pid 7329] +++ exited with 0 +++ [pid 7327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7327, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./773", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./773/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 158.448528][ T7328] loop0: detected capacity change from 0 to 1024 umount2("./773/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./773/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./773/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./773/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./773/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./773/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./773/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./773") = 0 mkdir("./774", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7330 ./strace-static-x86_64: Process 7330 attached [pid 7330] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7330] chdir("./774") = 0 [pid 7330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7330] setpgid(0, 0) = 0 [pid 7330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7330] write(3, "1000", 4) = 4 [pid 7330] close(3) = 0 [pid 7330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7330] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7330] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7330] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7331 attached , parent_tid=[7331], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7331 [pid 7330] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7331] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7331] memfd_create("syzkaller", 0) = 3 [pid 7331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7331] munmap(0x7f5464ee2000, 524288) = 0 [pid 7331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7331] close(3) = 0 [pid 7331] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7331] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7331] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7331] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7331] ioctl(4, LOOP_CLR_FD) = 0 [pid 7331] close(4) = 0 [pid 7331] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7330] <... futex resumed>) = 0 [pid 7331] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7331] <... futex resumed>) = 0 [pid 7330] <... futex resumed>) = 1 [pid 7331] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7330] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7330] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7331] <... mknodat resumed>) = 0 [pid 7330] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7331] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] <... clone resumed>, parent_tid=[7332], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7332 ./strace-static-x86_64: Process 7332 attached [pid 7330] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] set_robust_list(0x7f5464f619e0, 24 [pid 7330] <... futex resumed>) = 0 [pid 7332] <... set_robust_list resumed>) = 0 [pid 7330] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7332] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7332] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7332] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7332] chdir(".") = 0 [pid 7332] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7330] <... futex resumed>) = 0 [pid 7332] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] exit_group(0 [pid 7331] <... futex resumed>) = ? [pid 7330] <... exit_group resumed>) = ? [pid 7331] +++ exited with 0 +++ [pid 7332] <... futex resumed>) = ? [pid 7332] +++ exited with 0 +++ [pid 7330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7330, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./774", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./774/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./774/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./774/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./774/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./774/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./774/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./774/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./774/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./774") = 0 [ 158.565807][ T7331] loop0: detected capacity change from 0 to 1024 mkdir("./775", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7333 ./strace-static-x86_64: Process 7333 attached [pid 7333] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7333] chdir("./775") = 0 [pid 7333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7333] setpgid(0, 0) = 0 [pid 7333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7333] write(3, "1000", 4) = 4 [pid 7333] close(3) = 0 [pid 7333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7333] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7333] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7333] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7334 attached , parent_tid=[7334], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7334 [pid 7333] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7333] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7334] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7334] memfd_create("syzkaller", 0) = 3 [pid 7334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7334] munmap(0x7f5464ee2000, 524288) = 0 [pid 7334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7334] close(3) = 0 [pid 7334] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7334] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7334] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7334] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7334] ioctl(4, LOOP_CLR_FD) = 0 [pid 7334] close(4) = 0 [pid 7334] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] <... futex resumed>) = 0 [pid 7333] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7333] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7333] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7333] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7335], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7335 [pid 7333] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7333] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7334] <... futex resumed>) = 1 [pid 7334] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7334] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7334] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7335 attached [pid 7335] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7335] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7335] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7335] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7335] chdir(".") = 0 [pid 7335] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] <... futex resumed>) = 0 [pid 7333] exit_group(0 [pid 7334] <... futex resumed>) = ? [pid 7333] <... exit_group resumed>) = ? [pid 7334] +++ exited with 0 +++ [pid 7335] <... futex resumed>) = ? [pid 7335] +++ exited with 0 +++ [pid 7333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7333, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./775", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./775/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./775/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./775/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./775/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./775/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./775/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./775/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./775/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 158.660689][ T7334] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./775") = 0 mkdir("./776", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7336 ./strace-static-x86_64: Process 7336 attached [pid 7336] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7336] chdir("./776") = 0 [pid 7336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7336] setpgid(0, 0) = 0 [pid 7336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7336] write(3, "1000", 4) = 4 [pid 7336] close(3) = 0 [pid 7336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7336] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7336] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7336] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7337 attached , parent_tid=[7337], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7337 [pid 7337] set_robust_list(0x7f546d3029e0, 24 [pid 7336] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7337] <... set_robust_list resumed>) = 0 [pid 7336] <... futex resumed>) = 0 [pid 7336] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7337] memfd_create("syzkaller", 0) = 3 [pid 7337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7337] munmap(0x7f5464ee2000, 524288) = 0 [pid 7337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7337] close(3) = 0 [pid 7337] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7337] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7337] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7337] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7337] ioctl(4, LOOP_CLR_FD) = 0 [pid 7337] close(4) = 0 [pid 7337] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7337] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7336] <... futex resumed>) = 0 [pid 7336] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7337] <... futex resumed>) = 0 [pid 7336] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7337] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7336] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7336] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7338], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7338 [pid 7336] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7336] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7337] <... mknodat resumed>) = 0 [pid 7337] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7337] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7338 attached [pid 7338] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7338] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7338] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7338] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7338] chdir(".") = 0 [pid 7338] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7336] <... futex resumed>) = 0 [pid 7338] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7336] exit_group(0 [pid 7338] <... futex resumed>) = ? [pid 7337] <... futex resumed>) = ? [pid 7336] <... exit_group resumed>) = ? [pid 7338] +++ exited with 0 +++ [pid 7337] +++ exited with 0 +++ [pid 7336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7336, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./776", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 158.774328][ T7337] loop0: detected capacity change from 0 to 1024 umount2("./776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./776/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./776/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./776/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./776/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./776") = 0 mkdir("./777", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7339 attached , child_tidptr=0x5555561b25d0) = 7339 [pid 7339] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7339] chdir("./777") = 0 [pid 7339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7339] setpgid(0, 0) = 0 [pid 7339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7339] write(3, "1000", 4) = 4 [pid 7339] close(3) = 0 [pid 7339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7339] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7339] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7339] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7340 attached [pid 7340] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7340] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7339] <... clone resumed>, parent_tid=[7340], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7340 [pid 7339] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7340] <... futex resumed>) = 0 [pid 7339] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7340] memfd_create("syzkaller", 0) = 3 [pid 7340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7340] munmap(0x7f5464ee2000, 524288) = 0 [pid 7340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7340] close(3) = 0 [pid 7340] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7340] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7340] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7340] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7340] ioctl(4, LOOP_CLR_FD) = 0 [pid 7340] close(4) = 0 [pid 7340] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7339] <... futex resumed>) = 0 [pid 7339] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7339] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7339] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7339] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7341], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7341 [pid 7339] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7339] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7340] <... futex resumed>) = 1 [pid 7340] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7340] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7340] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7341 attached [pid 7341] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7341] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7341] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7341] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7341] chdir(".") = 0 [pid 7341] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7339] <... futex resumed>) = 0 [pid 7341] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7339] exit_group(0 [pid 7340] <... futex resumed>) = ? [pid 7339] <... exit_group resumed>) = ? [pid 7341] <... futex resumed>) = ? [pid 7340] +++ exited with 0 +++ [pid 7341] +++ exited with 0 +++ [pid 7339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7339, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./777", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./777/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./777/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./777/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./777/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./777/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 158.878874][ T7340] loop0: detected capacity change from 0 to 1024 umount2("./777/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./777/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./777/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./777") = 0 mkdir("./778", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7342 attached , child_tidptr=0x5555561b25d0) = 7342 [pid 7342] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7342] chdir("./778") = 0 [pid 7342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7342] setpgid(0, 0) = 0 [pid 7342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7342] write(3, "1000", 4) = 4 [pid 7342] close(3) = 0 [pid 7342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7342] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7342] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7342] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7343], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7343 [pid 7342] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7343 attached [pid 7343] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7343] memfd_create("syzkaller", 0) = 3 [pid 7343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7343] munmap(0x7f5464ee2000, 524288) = 0 [pid 7343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7343] close(3) = 0 [pid 7343] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7343] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7343] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7343] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7343] ioctl(4, LOOP_CLR_FD) = 0 [pid 7343] close(4) = 0 [pid 7343] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7343] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7342] <... mmap resumed>) = 0x7f5464f41000 [pid 7342] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7342] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7344], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7344 [pid 7342] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7343] <... mknodat resumed>) = 0 [pid 7343] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7343] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7344 attached [pid 7344] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7344] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7344] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7344] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7344] chdir(".") = 0 [pid 7344] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] <... futex resumed>) = 0 [pid 7342] exit_group(0) = ? [pid 7344] <... futex resumed>) = ? [pid 7343] <... futex resumed>) = ? [pid 7344] +++ exited with 0 +++ [pid 7343] +++ exited with 0 +++ [pid 7342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7342, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./778", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 158.982100][ T7343] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./778/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./778/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./778/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./778/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./778/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./778/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./778/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./778/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./778") = 0 mkdir("./779", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7345 ./strace-static-x86_64: Process 7345 attached [pid 7345] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7345] chdir("./779") = 0 [pid 7345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7345] setpgid(0, 0) = 0 [pid 7345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7345] write(3, "1000", 4) = 4 [pid 7345] close(3) = 0 [pid 7345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7345] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7345] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7345] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7346 attached [pid 7346] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7346] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7345] <... clone resumed>, parent_tid=[7346], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7346 [pid 7345] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7346] <... futex resumed>) = 0 [pid 7345] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7346] memfd_create("syzkaller", 0) = 3 [pid 7346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7346] munmap(0x7f5464ee2000, 524288) = 0 [pid 7346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7346] close(3) = 0 [pid 7346] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7346] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7346] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7346] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7346] ioctl(4, LOOP_CLR_FD) = 0 [pid 7346] close(4) = 0 [pid 7346] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... futex resumed>) = 0 [pid 7345] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7345] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7346] <... futex resumed>) = 1 [pid 7345] <... mmap resumed>) = 0x7f5464f41000 [pid 7346] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7345] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7345] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7347], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7347 [pid 7345] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7345] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7346] <... mknodat resumed>) = 0 [pid 7346] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7346] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7347 attached [pid 7347] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7347] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7347] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7347] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7347] chdir(".") = 0 [pid 7347] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7345] <... futex resumed>) = 0 [pid 7345] exit_group(0 [pid 7346] <... futex resumed>) = ? [pid 7345] <... exit_group resumed>) = ? [pid 7346] +++ exited with 0 +++ [pid 7347] +++ exited with 0 +++ [pid 7345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7345, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./779", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 159.112052][ T7346] loop0: detected capacity change from 0 to 1024 umount2("./779/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./779/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./779/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./779/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./779/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./779/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./779/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./779/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./779") = 0 mkdir("./780", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7348 ./strace-static-x86_64: Process 7348 attached [pid 7348] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7348] chdir("./780") = 0 [pid 7348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7348] setpgid(0, 0) = 0 [pid 7348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7348] write(3, "1000", 4) = 4 [pid 7348] close(3) = 0 [pid 7348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7348] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7348] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7348] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7349], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7349 [pid 7348] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7349 attached [pid 7349] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7349] memfd_create("syzkaller", 0) = 3 [pid 7349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7349] munmap(0x7f5464ee2000, 524288) = 0 [pid 7349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7349] close(3) = 0 [pid 7349] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7349] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7349] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7349] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7349] ioctl(4, LOOP_CLR_FD) = 0 [pid 7349] close(4) = 0 [pid 7349] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7348] <... futex resumed>) = 0 [pid 7349] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7348] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7348] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7348] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7350], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7350 [pid 7348] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7349] <... mknodat resumed>) = 0 [pid 7349] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7350 attached [pid 7350] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7350] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7350] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7350] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7350] chdir(".") = 0 [pid 7350] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7348] <... futex resumed>) = 0 [pid 7350] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7348] exit_group(0) = ? [pid 7350] <... futex resumed>) = ? [pid 7350] +++ exited with 0 +++ [pid 7349] <... futex resumed>) = ? [pid 7349] +++ exited with 0 +++ [pid 7348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7348, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./780", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./780/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 159.217764][ T7349] loop0: detected capacity change from 0 to 1024 umount2("./780/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./780/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./780/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./780/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./780/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./780/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./780/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./780") = 0 mkdir("./781", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7351 ./strace-static-x86_64: Process 7351 attached [pid 7351] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7351] chdir("./781") = 0 [pid 7351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7351] setpgid(0, 0) = 0 [pid 7351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7351] write(3, "1000", 4) = 4 [pid 7351] close(3) = 0 [pid 7351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7351] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7351] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7351] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7352 attached , parent_tid=[7352], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7352 [pid 7352] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7352] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7351] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7352] <... futex resumed>) = 0 [pid 7352] memfd_create("syzkaller", 0) = 3 [pid 7352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7351] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7352] <... mmap resumed>) = 0x7f5464ee2000 [pid 7352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7352] munmap(0x7f5464ee2000, 524288) = 0 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7352] close(3) = 0 [pid 7352] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7352] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7352] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7352] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7352] ioctl(4, LOOP_CLR_FD) = 0 [pid 7352] close(4) = 0 [pid 7352] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7352] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7351] <... futex resumed>) = 0 [pid 7351] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7351] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7352] <... futex resumed>) = 0 [pid 7352] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7351] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7351] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7353], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7353 [pid 7351] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7351] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7352] <... mknodat resumed>) = 0 [pid 7352] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7353 attached [pid 7353] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7353] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7353] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7353] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7353] chdir(".") = 0 [pid 7353] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7351] <... futex resumed>) = 0 [pid 7353] <... futex resumed>) = 1 [pid 7351] exit_group(0 [pid 7352] <... futex resumed>) = ? [pid 7351] <... exit_group resumed>) = ? [pid 7352] +++ exited with 0 +++ [pid 7353] +++ exited with 0 +++ [pid 7351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7351, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./781", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./781/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./781/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./781/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./781/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 159.327791][ T7352] loop0: detected capacity change from 0 to 1024 rmdir("./781/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./781/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./781/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./781/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./781") = 0 mkdir("./782", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7354 ./strace-static-x86_64: Process 7354 attached [pid 7354] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7354] chdir("./782") = 0 [pid 7354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7354] setpgid(0, 0) = 0 [pid 7354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7354] write(3, "1000", 4) = 4 [pid 7354] close(3) = 0 [pid 7354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7354] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7354] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7354] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7355 attached , parent_tid=[7355], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7355 [pid 7355] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7355] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7354] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7355] <... futex resumed>) = 0 [pid 7354] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7355] memfd_create("syzkaller", 0) = 3 [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7355] munmap(0x7f5464ee2000, 524288) = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7355] close(3) = 0 [pid 7355] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7355] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7355] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7355] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7355] ioctl(4, LOOP_CLR_FD) = 0 [pid 7355] close(4) = 0 [pid 7355] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] <... futex resumed>) = 0 [pid 7355] <... futex resumed>) = 1 [pid 7354] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7354] <... futex resumed>) = 0 [pid 7354] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7354] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7354] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7356 attached , parent_tid=[7356], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7356 [pid 7354] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] set_robust_list(0x7f5464f619e0, 24 [pid 7354] <... futex resumed>) = 0 [pid 7354] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7356] <... set_robust_list resumed>) = 0 [pid 7356] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7356] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7355] <... mknodat resumed>) = 0 [pid 7355] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7355] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7356] <... mount resumed>) = 0 [pid 7356] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7356] chdir(".") = 0 [pid 7356] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] <... futex resumed>) = 0 [pid 7356] <... futex resumed>) = 1 [pid 7354] exit_group(0) = ? [pid 7355] <... futex resumed>) = ? [pid 7355] +++ exited with 0 +++ [pid 7356] +++ exited with 0 +++ [pid 7354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7354, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./782", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./782", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 159.439620][ T7355] loop0: detected capacity change from 0 to 1024 umount2("./782/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./782/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./782/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./782/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./782/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./782/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./782/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./782/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./782/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./782") = 0 mkdir("./783", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7357 ./strace-static-x86_64: Process 7357 attached [pid 7357] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7357] chdir("./783") = 0 [pid 7357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7357] setpgid(0, 0) = 0 [pid 7357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7357] write(3, "1000", 4) = 4 [pid 7357] close(3) = 0 [pid 7357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7357] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7357] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7357] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7358 attached [pid 7358] set_robust_list(0x7f546d3029e0, 24 [pid 7357] <... clone resumed>, parent_tid=[7358], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7358 [pid 7358] <... set_robust_list resumed>) = 0 [pid 7358] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7357] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7357] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7358] <... futex resumed>) = 0 [pid 7358] memfd_create("syzkaller", 0) = 3 [pid 7358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7358] munmap(0x7f5464ee2000, 524288) = 0 [pid 7358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7358] close(3) = 0 [pid 7358] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7358] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7358] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7358] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7358] ioctl(4, LOOP_CLR_FD) = 0 [pid 7358] close(4) = 0 [pid 7358] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7357] <... futex resumed>) = 0 [pid 7357] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7357] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7358] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7357] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7357] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7359], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7359 [pid 7357] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7357] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7359 attached [pid 7359] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7359] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7359] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7358] <... mknodat resumed>) = 0 [pid 7358] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7359] <... mount resumed>) = 0 [pid 7359] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7359] chdir(".") = 0 [pid 7359] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7357] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = 1 [pid 7358] <... futex resumed>) = 0 [pid 7359] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7357] exit_group(0 [pid 7359] <... futex resumed>) = ? [pid 7357] <... exit_group resumed>) = ? [pid 7359] +++ exited with 0 +++ [pid 7358] +++ exited with 0 +++ [pid 7357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7357, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./783", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./783", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 159.565957][ T7358] loop0: detected capacity change from 0 to 1024 umount2("./783/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./783/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./783/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./783/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./783/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./783/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./783/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./783/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./783/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./783") = 0 mkdir("./784", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7360 ./strace-static-x86_64: Process 7360 attached [pid 7360] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7360] chdir("./784") = 0 [pid 7360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7360] setpgid(0, 0) = 0 [pid 7360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7360] write(3, "1000", 4) = 4 [pid 7360] close(3) = 0 [pid 7360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7360] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7360] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7360] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7361 attached [pid 7361] set_robust_list(0x7f546d3029e0, 24 [pid 7360] <... clone resumed>, parent_tid=[7361], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7361 [pid 7361] <... set_robust_list resumed>) = 0 [pid 7360] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] memfd_create("syzkaller", 0 [pid 7360] <... futex resumed>) = 0 [pid 7360] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7361] <... memfd_create resumed>) = 3 [pid 7361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7361] munmap(0x7f5464ee2000, 524288) = 0 [pid 7361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7361] close(3) = 0 [pid 7361] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7361] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7361] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7361] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7361] ioctl(4, LOOP_CLR_FD) = 0 [pid 7361] close(4) = 0 [pid 7361] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... futex resumed>) = 0 [pid 7360] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7360] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7360] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7360] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7362], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7362 [pid 7360] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7360] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7361] <... futex resumed>) = 1 [pid 7361] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7361] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7361] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7362 attached [pid 7362] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7362] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7362] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7362] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7362] chdir(".") = 0 [pid 7362] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7360] <... futex resumed>) = 0 [pid 7360] exit_group(0 [pid 7361] <... futex resumed>) = ? [pid 7360] <... exit_group resumed>) = ? [pid 7361] +++ exited with 0 +++ [pid 7362] +++ exited with 0 +++ [pid 7360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7360, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./784", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./784", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 159.673404][ T7361] loop0: detected capacity change from 0 to 1024 umount2("./784/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./784/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./784/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./784/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./784/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./784/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./784/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./784/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./784/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./784") = 0 mkdir("./785", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7363 ./strace-static-x86_64: Process 7363 attached [pid 7363] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7363] chdir("./785") = 0 [pid 7363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7363] setpgid(0, 0) = 0 [pid 7363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7363] write(3, "1000", 4) = 4 [pid 7363] close(3) = 0 [pid 7363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7363] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7363] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7363] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7364], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7364 [pid 7363] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7363] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7364 attached [pid 7364] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7364] memfd_create("syzkaller", 0) = 3 [pid 7364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7364] munmap(0x7f5464ee2000, 524288) = 0 [pid 7364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7364] close(3) = 0 [pid 7364] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7364] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7364] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7364] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7364] ioctl(4, LOOP_CLR_FD) = 0 [pid 7364] close(4) = 0 [pid 7364] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... futex resumed>) = 0 [pid 7363] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7363] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7363] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7363] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7365], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7365 [pid 7363] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7363] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7364] <... futex resumed>) = 1 [pid 7364] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7364] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7364] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7365 attached [pid 7365] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7365] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7365] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7365] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7365] chdir(".") = 0 [pid 7365] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7363] <... futex resumed>) = 0 [pid 7363] exit_group(0) = ? [pid 7364] <... futex resumed>) = ? [pid 7364] +++ exited with 0 +++ [pid 7365] +++ exited with 0 +++ [pid 7363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7363, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./785", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./785", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 159.770562][ T7364] loop0: detected capacity change from 0 to 1024 umount2("./785/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./785/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./785/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./785/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./785/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./785/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./785/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./785/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./785/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./785") = 0 mkdir("./786", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7366 ./strace-static-x86_64: Process 7366 attached [pid 7366] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7366] chdir("./786") = 0 [pid 7366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7366] setpgid(0, 0) = 0 [pid 7366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7366] write(3, "1000", 4) = 4 [pid 7366] close(3) = 0 [pid 7366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7366] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7366] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7366] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7367], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7367 [pid 7366] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7366] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7367 attached [pid 7367] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7367] memfd_create("syzkaller", 0) = 3 [pid 7367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7367] munmap(0x7f5464ee2000, 524288) = 0 [pid 7367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7367] close(3) = 0 [pid 7367] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7367] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7367] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7367] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7367] ioctl(4, LOOP_CLR_FD) = 0 [pid 7367] close(4) = 0 [pid 7367] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7366] <... futex resumed>) = 0 [pid 7366] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7366] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7366] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7366] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7368 attached , parent_tid=[7368], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7368 [pid 7367] <... mknodat resumed>) = 0 [pid 7366] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7366] <... futex resumed>) = 0 [pid 7367] <... futex resumed>) = 0 [pid 7366] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7367] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7368] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7368] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7368] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [ 159.893354][ T7367] loop0: detected capacity change from 0 to 1024 [pid 7368] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7368] chdir(".") = 0 [pid 7368] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7366] <... futex resumed>) = 0 [pid 7368] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7366] exit_group(0 [pid 7368] <... futex resumed>) = ? [pid 7367] <... futex resumed>) = ? [pid 7366] <... exit_group resumed>) = ? [pid 7368] +++ exited with 0 +++ [pid 7367] +++ exited with 0 +++ [pid 7366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7366, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./786", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./786", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./786/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./786/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./786/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./786/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./786/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./786/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./786/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./786/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./786/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./786") = 0 mkdir("./787", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7369 ./strace-static-x86_64: Process 7369 attached [pid 7369] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7369] chdir("./787") = 0 [pid 7369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7369] setpgid(0, 0) = 0 [pid 7369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7369] write(3, "1000", 4) = 4 [pid 7369] close(3) = 0 [pid 7369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7369] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7369] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7369] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7370 attached , parent_tid=[7370], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7370 [pid 7370] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7370] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7369] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7370] <... futex resumed>) = 0 [pid 7369] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7370] memfd_create("syzkaller", 0) = 3 [pid 7370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7370] munmap(0x7f5464ee2000, 524288) = 0 [pid 7370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7370] close(3) = 0 [pid 7370] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7370] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7370] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7370] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7370] ioctl(4, LOOP_CLR_FD) = 0 [pid 7370] close(4) = 0 [pid 7370] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] <... futex resumed>) = 0 [pid 7369] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7369] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7369] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7371], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7371 [pid 7369] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7370] <... futex resumed>) = 1 [pid 7370] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7370] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7370] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7371 attached [pid 7371] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7371] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7371] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7371] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7371] chdir(".") = 0 [pid 7371] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7369] exit_group(0) = ? [pid 7370] <... futex resumed>) = ? [pid 7370] +++ exited with 0 +++ [pid 7371] +++ exited with 0 +++ [pid 7369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7369, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./787", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./787", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./787/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./787/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./787/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./787/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./787/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 160.033078][ T7370] loop0: detected capacity change from 0 to 1024 rmdir("./787/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./787/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./787/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./787/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./787") = 0 mkdir("./788", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7372 ./strace-static-x86_64: Process 7372 attached [pid 7372] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7372] chdir("./788") = 0 [pid 7372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7372] setpgid(0, 0) = 0 [pid 7372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7372] write(3, "1000", 4) = 4 [pid 7372] close(3) = 0 [pid 7372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7372] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7372] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7372] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7373], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7373 ./strace-static-x86_64: Process 7373 attached [pid 7373] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7372] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] memfd_create("syzkaller", 0) = 3 [pid 7372] <... futex resumed>) = 0 [pid 7373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7372] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7373] munmap(0x7f5464ee2000, 524288) = 0 [pid 7373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7373] close(3) = 0 [pid 7373] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7373] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7373] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7373] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7373] ioctl(4, LOOP_CLR_FD) = 0 [pid 7373] close(4) = 0 [pid 7373] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7373] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7372] <... futex resumed>) = 0 [pid 7372] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] <... futex resumed>) = 0 [pid 7372] <... futex resumed>) = 1 [pid 7373] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7372] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7372] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7372] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7374], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7374 [pid 7373] <... mknodat resumed>) = 0 [pid 7372] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7373] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7373] <... futex resumed>) = 0 [pid 7373] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7374 attached [pid 7374] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7374] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7374] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7374] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7374] chdir(".") = 0 [pid 7374] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7372] <... futex resumed>) = 0 [pid 7374] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7372] exit_group(0 [pid 7374] <... futex resumed>) = ? [pid 7373] <... futex resumed>) = ? [pid 7372] <... exit_group resumed>) = ? [pid 7374] +++ exited with 0 +++ [pid 7373] +++ exited with 0 +++ [pid 7372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7372, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./788", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./788", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 160.138507][ T7373] loop0: detected capacity change from 0 to 1024 umount2("./788/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./788/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./788/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./788/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./788/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./788/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./788/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./788/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./788/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./788") = 0 mkdir("./789", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7375 ./strace-static-x86_64: Process 7375 attached [pid 7375] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7375] chdir("./789") = 0 [pid 7375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7375] setpgid(0, 0) = 0 [pid 7375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7375] write(3, "1000", 4) = 4 [pid 7375] close(3) = 0 [pid 7375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7375] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7375] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7375] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7376 attached , parent_tid=[7376], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7376 [pid 7376] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7376] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7375] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7376] <... futex resumed>) = 0 [pid 7375] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7376] memfd_create("syzkaller", 0) = 3 [pid 7376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7376] munmap(0x7f5464ee2000, 524288) = 0 [pid 7376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7376] close(3) = 0 [pid 7376] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7376] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7376] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7376] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7376] ioctl(4, LOOP_CLR_FD) = 0 [pid 7376] close(4) = 0 [pid 7376] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... futex resumed>) = 0 [pid 7375] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7375] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7375] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7377], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7377 [pid 7375] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7376] <... futex resumed>) = 1 [pid 7376] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7376] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7376] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7377 attached [pid 7377] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7377] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7377] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7377] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7377] chdir(".") = 0 [pid 7377] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... futex resumed>) = 0 [pid 7375] exit_group(0 [pid 7376] <... futex resumed>) = ? [pid 7375] <... exit_group resumed>) = ? [pid 7376] +++ exited with 0 +++ [pid 7377] <... futex resumed>) = ? [pid 7377] +++ exited with 0 +++ [pid 7375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7375, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./789", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./789", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./789/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./789/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./789/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./789/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./789/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./789/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./789/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./789/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./789/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 [ 160.252732][ T7376] loop0: detected capacity change from 0 to 1024 close(3) = 0 rmdir("./789") = 0 mkdir("./790", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7378 ./strace-static-x86_64: Process 7378 attached [pid 7378] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7378] chdir("./790") = 0 [pid 7378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7378] setpgid(0, 0) = 0 [pid 7378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7378] write(3, "1000", 4) = 4 [pid 7378] close(3) = 0 [pid 7378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7378] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7378] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7378] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7379 attached , parent_tid=[7379], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7379 [pid 7379] set_robust_list(0x7f546d3029e0, 24 [pid 7378] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... set_robust_list resumed>) = 0 [pid 7378] <... futex resumed>) = 0 [pid 7378] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7379] memfd_create("syzkaller", 0) = 3 [pid 7379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7379] munmap(0x7f5464ee2000, 524288) = 0 [pid 7379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7379] close(3) = 0 [pid 7379] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7379] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7379] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7379] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7379] ioctl(4, LOOP_CLR_FD) = 0 [pid 7379] close(4) = 0 [pid 7379] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7378] <... futex resumed>) = 0 [pid 7379] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7378] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7378] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7378] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7378] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7380], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7380 [pid 7378] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7378] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7380 attached [pid 7380] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7379] <... mknodat resumed>) = 0 [pid 7379] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7379] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7380] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7380] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7380] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7380] chdir(".") = 0 [pid 7380] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7378] <... futex resumed>) = 0 [pid 7380] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7378] exit_group(0 [pid 7380] <... futex resumed>) = ? [pid 7378] <... exit_group resumed>) = ? [pid 7379] <... futex resumed>) = ? [pid 7380] +++ exited with 0 +++ [pid 7379] +++ exited with 0 +++ [pid 7378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7378, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./790", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./790", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./790/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./790/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 160.340669][ T7379] loop0: detected capacity change from 0 to 1024 lstat("./790/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./790/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./790/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./790/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./790/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./790/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./790/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./790") = 0 mkdir("./791", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7381 ./strace-static-x86_64: Process 7381 attached [pid 7381] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7381] chdir("./791") = 0 [pid 7381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7381] setpgid(0, 0) = 0 [pid 7381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7381] write(3, "1000", 4) = 4 [pid 7381] close(3) = 0 [pid 7381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7381] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7381] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7381] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7382 attached , parent_tid=[7382], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7382 [pid 7381] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7381] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7382] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7382] memfd_create("syzkaller", 0) = 3 [pid 7382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7382] munmap(0x7f5464ee2000, 524288) = 0 [pid 7382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7382] close(3) = 0 [pid 7382] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7382] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7382] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7382] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7382] ioctl(4, LOOP_CLR_FD) = 0 [pid 7382] close(4) = 0 [pid 7382] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7381] <... futex resumed>) = 0 [pid 7382] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7381] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7381] <... futex resumed>) = 0 [pid 7382] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7381] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7382] <... mknodat resumed>) = 0 [pid 7381] <... futex resumed>) = 0 [pid 7382] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7382] <... futex resumed>) = 0 [pid 7381] <... mmap resumed>) = 0x7f5464f41000 [pid 7381] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7382] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7381] <... mprotect resumed>) = 0 [pid 7381] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7383], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7383 [pid 7381] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7381] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7383 attached [pid 7383] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7383] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7383] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7383] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7383] chdir(".") = 0 [pid 7383] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7381] <... futex resumed>) = 0 [pid 7383] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7381] exit_group(0 [pid 7382] <... futex resumed>) = ? [pid 7381] <... exit_group resumed>) = ? [pid 7383] <... futex resumed>) = ? [pid 7382] +++ exited with 0 +++ [pid 7383] +++ exited with 0 +++ [pid 7381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7381, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./791", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./791", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 160.453424][ T7382] loop0: detected capacity change from 0 to 1024 umount2("./791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./791/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./791/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./791/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./791") = 0 mkdir("./792", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7384 ./strace-static-x86_64: Process 7384 attached [pid 7384] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7384] chdir("./792") = 0 [pid 7384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7384] setpgid(0, 0) = 0 [pid 7384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7384] write(3, "1000", 4) = 4 [pid 7384] close(3) = 0 [pid 7384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7384] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7384] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7384] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7385], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7385 [pid 7384] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7384] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7385 attached [pid 7385] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7385] memfd_create("syzkaller", 0) = 3 [pid 7385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7385] munmap(0x7f5464ee2000, 524288) = 0 [pid 7385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7385] close(3) = 0 [pid 7385] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7385] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7385] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7385] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7385] ioctl(4, LOOP_CLR_FD) = 0 [pid 7385] close(4) = 0 [pid 7385] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7385] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7384] <... futex resumed>) = 0 [pid 7384] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7384] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7385] <... futex resumed>) = 0 [pid 7384] <... mmap resumed>) = 0x7f5464f41000 [pid 7385] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7384] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7384] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7386], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7386 [pid 7384] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7385] <... mknodat resumed>) = 0 [pid 7384] <... futex resumed>) = 0 [pid 7384] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7385] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7385] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7386 attached [pid 7386] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7386] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7386] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7386] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7386] chdir(".") = 0 [pid 7386] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7384] <... futex resumed>) = 0 [pid 7384] exit_group(0 [pid 7386] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7384] <... exit_group resumed>) = ? [pid 7386] <... futex resumed>) = ? [pid 7385] <... futex resumed>) = ? [pid 7385] +++ exited with 0 +++ [pid 7386] +++ exited with 0 +++ [pid 7384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7384, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./792", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./792", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./792/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./792/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./792/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./792/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./792/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 160.570176][ T7385] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./792/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./792/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./792/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./792/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./792") = 0 mkdir("./793", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7387 ./strace-static-x86_64: Process 7387 attached [pid 7387] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7387] chdir("./793") = 0 [pid 7387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7387] setpgid(0, 0) = 0 [pid 7387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7387] write(3, "1000", 4) = 4 [pid 7387] close(3) = 0 [pid 7387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7387] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7387] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7387] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7388], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7388 ./strace-static-x86_64: Process 7388 attached [pid 7388] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7388] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7387] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7388] <... futex resumed>) = 0 [pid 7387] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7388] memfd_create("syzkaller", 0) = 3 [pid 7388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7388] munmap(0x7f5464ee2000, 524288) = 0 [pid 7388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7388] close(3) = 0 [pid 7388] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7388] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7388] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7388] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7388] ioctl(4, LOOP_CLR_FD) = 0 [pid 7388] close(4) = 0 [pid 7388] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] <... futex resumed>) = 0 [pid 7387] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7387] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7387] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7387] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7389], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7389 [pid 7387] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7389 attached [pid 7388] <... futex resumed>) = 1 [pid 7387] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7388] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7389] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7389] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7389] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7388] <... mknodat resumed>) = 0 [pid 7388] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] <... mount resumed>) = 0 [pid 7389] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7388] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7389] chdir(".") = 0 [pid 7389] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] <... futex resumed>) = 0 [pid 7387] exit_group(0) = ? [pid 7388] <... futex resumed>) = ? [pid 7389] <... futex resumed>) = ? [pid 7389] +++ exited with 0 +++ [pid 7388] +++ exited with 0 +++ [pid 7387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7387, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./793", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./793", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 160.673158][ T7388] loop0: detected capacity change from 0 to 1024 umount2("./793/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./793/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./793/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./793/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./793/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./793/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./793/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./793/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./793/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./793") = 0 mkdir("./794", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7390 ./strace-static-x86_64: Process 7390 attached [pid 7390] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7390] chdir("./794") = 0 [pid 7390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7390] setpgid(0, 0) = 0 [pid 7390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7390] write(3, "1000", 4) = 4 [pid 7390] close(3) = 0 [pid 7390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7390] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7390] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7390] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7391 attached , parent_tid=[7391], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7391 [pid 7391] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7391] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7391] <... futex resumed>) = 0 [pid 7390] <... futex resumed>) = 1 [pid 7390] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7391] memfd_create("syzkaller", 0) = 3 [pid 7391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7391] munmap(0x7f5464ee2000, 524288) = 0 [pid 7391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7391] close(3) = 0 [pid 7391] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7391] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7391] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7391] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7391] ioctl(4, LOOP_CLR_FD) = 0 [pid 7391] close(4) = 0 [pid 7391] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7390] <... futex resumed>) = 0 [pid 7391] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7390] <... futex resumed>) = 0 [pid 7391] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7390] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7390] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7391] <... mknodat resumed>) = 0 [pid 7390] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7392 attached , parent_tid=[7392], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7392 [pid 7392] set_robust_list(0x7f5464f619e0, 24 [pid 7390] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... set_robust_list resumed>) = 0 [pid 7391] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... futex resumed>) = 0 [pid 7392] mkdir(".", 0777 [pid 7391] <... futex resumed>) = 0 [pid 7390] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7392] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7392] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7391] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7392] <... mount resumed>) = 0 [pid 7392] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7392] chdir(".") = 0 [pid 7392] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7390] <... futex resumed>) = 0 [pid 7392] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] exit_group(0 [pid 7392] <... futex resumed>) = ? [pid 7391] <... futex resumed>) = ? [pid 7390] <... exit_group resumed>) = ? [pid 7392] +++ exited with 0 +++ [pid 7391] +++ exited with 0 +++ [pid 7390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7390, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./794", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./794", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 160.787370][ T7391] loop0: detected capacity change from 0 to 1024 umount2("./794/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./794/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./794/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./794/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./794/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./794/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./794/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./794/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./794/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./794") = 0 mkdir("./795", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7393 ./strace-static-x86_64: Process 7393 attached [pid 7393] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7393] chdir("./795") = 0 [pid 7393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7393] setpgid(0, 0) = 0 [pid 7393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7393] write(3, "1000", 4) = 4 [pid 7393] close(3) = 0 [pid 7393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7393] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7393] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7393] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7394 attached [pid 7394] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7394] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7393] <... clone resumed>, parent_tid=[7394], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7394 [pid 7393] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7394] <... futex resumed>) = 0 [pid 7393] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7394] memfd_create("syzkaller", 0) = 3 [pid 7394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7394] munmap(0x7f5464ee2000, 524288) = 0 [pid 7394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7394] close(3) = 0 [pid 7394] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7394] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7394] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7394] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7394] ioctl(4, LOOP_CLR_FD) = 0 [pid 7394] close(4) = 0 [pid 7394] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7393] <... futex resumed>) = 0 [pid 7393] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7393] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7394] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7393] <... mmap resumed>) = 0x7f5464f41000 [pid 7393] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7393] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7395], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7395 [pid 7393] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7393] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7394] <... mknodat resumed>) = 0 [pid 7394] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7395 attached [pid 7394] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7395] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7395] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7395] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7395] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7395] chdir(".") = 0 [pid 7395] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7393] <... futex resumed>) = 0 [pid 7393] exit_group(0) = ? [pid 7394] <... futex resumed>) = ? [pid 7394] +++ exited with 0 +++ [pid 7395] +++ exited with 0 +++ [pid 7393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7393, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./795", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./795", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./795/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./795/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./795/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./795/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./795/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 160.906282][ T7394] loop0: detected capacity change from 0 to 1024 rmdir("./795/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./795/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./795/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./795/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./795") = 0 mkdir("./796", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7396 ./strace-static-x86_64: Process 7396 attached [pid 7396] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7396] chdir("./796") = 0 [pid 7396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7396] setpgid(0, 0) = 0 [pid 7396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7396] write(3, "1000", 4) = 4 [pid 7396] close(3) = 0 [pid 7396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7396] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7396] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7396] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7397], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7397 [pid 7396] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7397 attached [pid 7397] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7397] memfd_create("syzkaller", 0) = 3 [pid 7397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7397] munmap(0x7f5464ee2000, 524288) = 0 [pid 7397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7397] close(3) = 0 [pid 7397] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7397] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7397] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7397] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7397] ioctl(4, LOOP_CLR_FD) = 0 [pid 7397] close(4) = 0 [pid 7397] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7396] <... futex resumed>) = 0 [pid 7397] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7396] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7396] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7396] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7398], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7398 [pid 7396] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7398 attached [pid 7397] <... mknodat resumed>) = 0 [pid 7398] set_robust_list(0x7f5464f619e0, 24 [pid 7397] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7398] <... set_robust_list resumed>) = 0 [pid 7397] <... futex resumed>) = 0 [pid 7398] mkdir(".", 0777 [pid 7397] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7398] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7398] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7398] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7398] chdir(".") = 0 [pid 7398] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7396] <... futex resumed>) = 0 [pid 7398] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7396] exit_group(0) = ? [pid 7397] <... futex resumed>) = ? [pid 7397] +++ exited with 0 +++ [pid 7398] <... futex resumed>) = ? [pid 7398] +++ exited with 0 +++ [pid 7396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7396, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./796", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./796", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./796/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./796/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./796/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./796") = 0 mkdir("./797", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 160.998549][ T7397] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7399 attached [pid 7399] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7399] chdir("./797") = 0 [pid 7399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7399] setpgid(0, 0) = 0 [pid 7399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7399] write(3, "1000", 4) = 4 [pid 7399] close(3) = 0 [pid 7399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7399] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7399] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7399] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7400], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7400 [pid 7399] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7399] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7400 attached [pid 7400] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7400] memfd_create("syzkaller", 0) = 3 [pid 7400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7399 [pid 7400] <... mmap resumed>) = 0x7f5464ee2000 [pid 7400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7400] munmap(0x7f5464ee2000, 524288) = 0 [pid 7400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7400] close(3) = 0 [pid 7400] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7400] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7400] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7400] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7400] ioctl(4, LOOP_CLR_FD) = 0 [pid 7400] close(4) = 0 [pid 7400] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7399] <... futex resumed>) = 0 [pid 7399] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7399] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7399] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7399] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7401 attached , parent_tid=[7401], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7401 [pid 7399] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7399] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7400] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7400] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7401] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7401] mkdir(".", 0777 [pid 7400] <... futex resumed>) = 0 [pid 7401] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7400] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7401] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7401] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7401] chdir(".") = 0 [pid 7401] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7399] <... futex resumed>) = 0 [pid 7399] exit_group(0) = ? [pid 7400] <... futex resumed>) = ? [pid 7400] +++ exited with 0 +++ [pid 7401] <... futex resumed>) = ? [ 161.100113][ T7400] loop0: detected capacity change from 0 to 1024 [pid 7401] +++ exited with 0 +++ [pid 7399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7399, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./797", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./797", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./797/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./797/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./797/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./797/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./797/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./797/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./797/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./797/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./797/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./797") = 0 mkdir("./798", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7402 ./strace-static-x86_64: Process 7402 attached [pid 7402] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7402] chdir("./798") = 0 [pid 7402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7402] setpgid(0, 0) = 0 [pid 7402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7402] write(3, "1000", 4) = 4 [pid 7402] close(3) = 0 [pid 7402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7402] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7402] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7402] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7403], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7403 [pid 7402] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7403 attached [pid 7403] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7403] memfd_create("syzkaller", 0) = 3 [pid 7403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7403] munmap(0x7f5464ee2000, 524288) = 0 [pid 7403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7403] close(3) = 0 [pid 7403] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7403] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7403] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7403] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7403] ioctl(4, LOOP_CLR_FD) = 0 [pid 7403] close(4) = 0 [pid 7403] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... futex resumed>) = 0 [pid 7402] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7402] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7402] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7404], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7404 [pid 7402] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7403] <... futex resumed>) = 1 [pid 7403] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7404 attached [pid 7404] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7404] mkdir(".", 0777 [pid 7403] <... mknodat resumed>) = 0 [pid 7403] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7403] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7404] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7404] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7404] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7404] chdir(".") = 0 [pid 7404] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7402] <... futex resumed>) = 0 [pid 7404] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7402] exit_group(0 [pid 7404] <... futex resumed>) = ? [pid 7403] <... futex resumed>) = ? [pid 7402] <... exit_group resumed>) = ? [pid 7404] +++ exited with 0 +++ [pid 7403] +++ exited with 0 +++ [pid 7402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7402, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./798", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./798", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./798/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./798/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 161.245594][ T7403] loop0: detected capacity change from 0 to 1024 lstat("./798/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./798/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./798/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./798/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./798/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./798/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./798/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./798") = 0 mkdir("./799", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7405 ./strace-static-x86_64: Process 7405 attached [pid 7405] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7405] chdir("./799") = 0 [pid 7405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7405] setpgid(0, 0) = 0 [pid 7405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7405] write(3, "1000", 4) = 4 [pid 7405] close(3) = 0 [pid 7405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7405] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7405] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7405] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7406 attached , parent_tid=[7406], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7406 [pid 7406] set_robust_list(0x7f546d3029e0, 24 [pid 7405] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7405] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7406] <... set_robust_list resumed>) = 0 [pid 7406] memfd_create("syzkaller", 0) = 3 [pid 7406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7406] munmap(0x7f5464ee2000, 524288) = 0 [pid 7406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7406] close(3) = 0 [pid 7406] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7406] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7406] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7406] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7406] ioctl(4, LOOP_CLR_FD) = 0 [pid 7406] close(4) = 0 [pid 7406] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... futex resumed>) = 0 [pid 7405] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7405] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7405] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7405] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7407], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7407 [pid 7405] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7405] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7406] <... futex resumed>) = 1 [pid 7406] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7406] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7406] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7407 attached [pid 7407] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7407] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7407] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7407] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7407] chdir(".") = 0 [pid 7407] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... futex resumed>) = 0 [pid 7407] <... futex resumed>) = 1 [pid 7405] exit_group(0 [pid 7407] ???( [pid 7405] <... exit_group resumed>) = ? [pid 7407] <... ??? resumed>) = ? [pid 7406] <... futex resumed>) = ? [pid 7407] +++ exited with 0 +++ [pid 7406] +++ exited with 0 +++ [pid 7405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7405, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./799", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./799", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 161.352440][ T7406] loop0: detected capacity change from 0 to 1024 umount2("./799/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./799/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./799/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./799/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./799/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./799/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./799/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./799/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./799/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./799") = 0 mkdir("./800", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7408 ./strace-static-x86_64: Process 7408 attached [pid 7408] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7408] chdir("./800") = 0 [pid 7408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7408] setpgid(0, 0) = 0 [pid 7408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7408] write(3, "1000", 4) = 4 [pid 7408] close(3) = 0 [pid 7408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7408] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7408] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7408] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7409 attached , parent_tid=[7409], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7409 [pid 7409] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7409] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7408] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7408] <... futex resumed>) = 0 [pid 7408] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7409] memfd_create("syzkaller", 0) = 3 [pid 7409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7409] munmap(0x7f5464ee2000, 524288) = 0 [pid 7409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7409] close(3) = 0 [pid 7409] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7409] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7409] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7409] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7409] ioctl(4, LOOP_CLR_FD) = 0 [pid 7409] close(4) = 0 [pid 7409] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7408] <... futex resumed>) = 0 [pid 7408] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7408] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7409] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7408] <... mmap resumed>) = 0x7f5464f41000 [pid 7408] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7408] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7410], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7410 [pid 7408] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7408] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7409] <... mknodat resumed>) = 0 [pid 7409] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7410 attached [pid 7410] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7410] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7410] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7410] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7410] chdir(".") = 0 [pid 7410] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7408] <... futex resumed>) = 0 [pid 7410] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7408] exit_group(0 [pid 7410] <... futex resumed>) = ? [pid 7408] <... exit_group resumed>) = ? [pid 7409] <... futex resumed>) = ? [pid 7409] +++ exited with 0 +++ [pid 7410] +++ exited with 0 +++ [pid 7408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7408, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./800", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./800", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./800/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./800/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./800/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./800/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./800/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 161.495493][ T7409] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./800/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./800/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./800/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./800/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./800") = 0 mkdir("./801", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7411 ./strace-static-x86_64: Process 7411 attached [pid 7411] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7411] chdir("./801") = 0 [pid 7411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7411] setpgid(0, 0) = 0 [pid 7411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7411] write(3, "1000", 4) = 4 [pid 7411] close(3) = 0 [pid 7411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7411] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7411] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7411] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7412], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7412 [pid 7411] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7411] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7412 attached [pid 7412] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7412] memfd_create("syzkaller", 0) = 3 [pid 7412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7412] munmap(0x7f5464ee2000, 524288) = 0 [pid 7412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7412] close(3) = 0 [pid 7412] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7412] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7412] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7412] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7412] ioctl(4, LOOP_CLR_FD) = 0 [pid 7412] close(4) = 0 [pid 7412] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7411] <... futex resumed>) = 0 [pid 7411] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7411] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7412] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7411] <... mmap resumed>) = 0x7f5464f41000 [pid 7411] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7411] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7413 attached [pid 7413] set_robust_list(0x7f5464f619e0, 24 [pid 7411] <... clone resumed>, parent_tid=[7413], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7413 [pid 7413] <... set_robust_list resumed>) = 0 [pid 7411] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7413] mkdir(".", 0777 [pid 7411] <... futex resumed>) = 0 [pid 7413] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7411] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7413] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7412] <... mknodat resumed>) = 0 [pid 7412] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7413] <... mount resumed>) = 0 [pid 7413] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7412] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7413] chdir(".") = 0 [pid 7413] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7411] <... futex resumed>) = 0 [pid 7413] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7411] exit_group(0) = ? [pid 7413] <... futex resumed>) = ? [pid 7412] <... futex resumed>) = ? [pid 7412] +++ exited with 0 +++ [pid 7413] +++ exited with 0 +++ [pid 7411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7411, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./801", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./801", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 161.595509][ T7412] loop0: detected capacity change from 0 to 1024 umount2("./801/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./801/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./801/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./801/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./801/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./801/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./801/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./801/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./801/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./801") = 0 mkdir("./802", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7414 ./strace-static-x86_64: Process 7414 attached [pid 7414] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7414] chdir("./802") = 0 [pid 7414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7414] setpgid(0, 0) = 0 [pid 7414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7414] write(3, "1000", 4) = 4 [pid 7414] close(3) = 0 [pid 7414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7414] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7414] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7414] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7415], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7415 [pid 7414] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7415 attached [pid 7415] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7415] memfd_create("syzkaller", 0) = 3 [pid 7415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7415] munmap(0x7f5464ee2000, 524288) = 0 [pid 7415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7415] close(3) = 0 [pid 7415] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7415] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7415] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7415] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7415] ioctl(4, LOOP_CLR_FD) = 0 [pid 7415] close(4) = 0 [pid 7415] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7414] <... futex resumed>) = 0 [pid 7414] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7414] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7415] <... futex resumed>) = 1 [pid 7414] <... mprotect resumed>) = 0 [pid 7414] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7415] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7414] <... clone resumed>, parent_tid=[7416], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7416 [pid 7414] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7416 attached [pid 7416] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7416] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7416] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7415] <... mknodat resumed>) = 0 [pid 7415] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7415] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7416] <... mount resumed>) = 0 [pid 7416] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7416] chdir(".") = 0 [pid 7416] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7414] <... futex resumed>) = 0 [pid 7414] exit_group(0) = ? [pid 7415] <... futex resumed>) = ? [pid 7416] <... futex resumed>) = ? [pid 7416] +++ exited with 0 +++ [pid 7415] +++ exited with 0 +++ [pid 7414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7414, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./802", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./802", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./802/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./802/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./802/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./802/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 161.715790][ T7415] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./802/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./802/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./802/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./802/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./802/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./802") = 0 mkdir("./803", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7417 ./strace-static-x86_64: Process 7417 attached [pid 7417] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7417] chdir("./803") = 0 [pid 7417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7417] setpgid(0, 0) = 0 [pid 7417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7417] write(3, "1000", 4) = 4 [pid 7417] close(3) = 0 [pid 7417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7417] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7417] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7417] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7418 attached , parent_tid=[7418], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7418 [pid 7418] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7418] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7417] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7417] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7418] <... futex resumed>) = 0 [pid 7418] memfd_create("syzkaller", 0) = 3 [pid 7418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7418] munmap(0x7f5464ee2000, 524288) = 0 [pid 7418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7418] close(3) = 0 [pid 7418] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7418] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7418] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7418] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7418] ioctl(4, LOOP_CLR_FD) = 0 [pid 7418] close(4) = 0 [pid 7418] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] <... futex resumed>) = 0 [pid 7418] <... futex resumed>) = 1 [pid 7417] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7418] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7417] <... futex resumed>) = 0 [pid 7417] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7417] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7417] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7419 attached [pid 7419] set_robust_list(0x7f5464f619e0, 24 [pid 7418] <... mknodat resumed>) = 0 [pid 7417] <... clone resumed>, parent_tid=[7419], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7419 [pid 7419] <... set_robust_list resumed>) = 0 [pid 7418] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7418] <... futex resumed>) = 0 [pid 7417] <... futex resumed>) = 0 [pid 7419] mkdir(".", 0777 [pid 7418] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7417] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7419] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7419] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7419] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7419] chdir(".") = 0 [pid 7419] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] <... futex resumed>) = 0 [pid 7417] exit_group(0 [pid 7418] <... futex resumed>) = ? [pid 7417] <... exit_group resumed>) = ? [pid 7418] +++ exited with 0 +++ [pid 7419] <... futex resumed>) = ? [pid 7419] +++ exited with 0 +++ [pid 7417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7417, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./803", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./803", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./803/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./803/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./803/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./803/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./803/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./803/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./803/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./803/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 161.818295][ T7418] loop0: detected capacity change from 0 to 1024 unlink("./803/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./803") = 0 mkdir("./804", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7420 ./strace-static-x86_64: Process 7420 attached [pid 7420] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7420] chdir("./804") = 0 [pid 7420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7420] setpgid(0, 0) = 0 [pid 7420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7420] write(3, "1000", 4) = 4 [pid 7420] close(3) = 0 [pid 7420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7420] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7420] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7420] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7421], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7421 ./strace-static-x86_64: Process 7421 attached [pid 7421] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7421] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7420] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7421] <... futex resumed>) = 0 [pid 7420] <... futex resumed>) = 1 [pid 7420] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7421] memfd_create("syzkaller", 0) = 3 [pid 7421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7421] munmap(0x7f5464ee2000, 524288) = 0 [pid 7421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7421] close(3) = 0 [pid 7421] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7421] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7421] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7421] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7421] ioctl(4, LOOP_CLR_FD) = 0 [pid 7421] close(4) = 0 [pid 7421] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7420] <... futex resumed>) = 0 [pid 7420] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7420] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7421] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7420] <... mmap resumed>) = 0x7f5464f41000 [pid 7420] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7420] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7422], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7422 [pid 7420] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7420] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7422 attached [pid 7422] set_robust_list(0x7f5464f619e0, 24 [pid 7421] <... mknodat resumed>) = 0 [pid 7421] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7421] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7422] <... set_robust_list resumed>) = 0 [pid 7422] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7422] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7422] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7422] chdir(".") = 0 [pid 7422] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7420] <... futex resumed>) = 0 [pid 7422] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7420] exit_group(0 [pid 7422] <... futex resumed>) = ? [pid 7421] <... futex resumed>) = ? [pid 7420] <... exit_group resumed>) = ? [pid 7421] +++ exited with 0 +++ [pid 7422] +++ exited with 0 +++ [pid 7420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7420, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./804", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./804", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 161.916969][ T7421] loop0: detected capacity change from 0 to 1024 umount2("./804/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./804/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./804/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./804/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./804/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./804/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./804/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./804/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./804/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./804") = 0 mkdir("./805", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7423 ./strace-static-x86_64: Process 7423 attached [pid 7423] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7423] chdir("./805") = 0 [pid 7423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7423] setpgid(0, 0) = 0 [pid 7423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7423] write(3, "1000", 4) = 4 [pid 7423] close(3) = 0 [pid 7423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7423] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7423] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7423] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7424 attached , parent_tid=[7424], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7424 [pid 7423] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7423] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7424] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7424] memfd_create("syzkaller", 0) = 3 [pid 7424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7424] munmap(0x7f5464ee2000, 524288) = 0 [pid 7424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7424] close(3) = 0 [pid 7424] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7424] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7424] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7424] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7424] ioctl(4, LOOP_CLR_FD) = 0 [pid 7424] close(4) = 0 [pid 7424] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7424] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7423] <... futex resumed>) = 0 [pid 7423] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7423] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7424] <... futex resumed>) = 0 [pid 7423] <... mmap resumed>) = 0x7f5464f41000 [pid 7423] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7424] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7423] <... mprotect resumed>) = 0 [pid 7423] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7425], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7425 [pid 7423] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7423] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7424] <... mknodat resumed>) = 0 [pid 7424] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7424] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7425 attached [pid 7425] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7425] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7425] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7425] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7425] chdir(".") = 0 [pid 7425] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7423] <... futex resumed>) = 0 [pid 7425] <... futex resumed>) = 1 [pid 7425] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7423] exit_group(0 [pid 7425] <... futex resumed>) = ? [pid 7423] <... exit_group resumed>) = ? [pid 7424] <... futex resumed>) = ? [pid 7424] +++ exited with 0 +++ [pid 7425] +++ exited with 0 +++ [pid 7423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7423, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./805", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./805", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 162.032470][ T7424] loop0: detected capacity change from 0 to 1024 umount2("./805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./805/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./805/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./805/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./805") = 0 mkdir("./806", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7426 ./strace-static-x86_64: Process 7426 attached [pid 7426] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7426] chdir("./806") = 0 [pid 7426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7426] setpgid(0, 0) = 0 [pid 7426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7426] write(3, "1000", 4) = 4 [pid 7426] close(3) = 0 [pid 7426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7426] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7426] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7426] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7427], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7427 [pid 7426] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7426] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7427 attached [pid 7427] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7427] memfd_create("syzkaller", 0) = 3 [pid 7427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7427] munmap(0x7f5464ee2000, 524288) = 0 [pid 7427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7427] close(3) = 0 [pid 7427] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7427] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7427] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7427] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7427] ioctl(4, LOOP_CLR_FD) = 0 [pid 7427] close(4) = 0 [pid 7427] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7426] <... futex resumed>) = 0 [pid 7427] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7426] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7426] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7426] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7426] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7428], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7428 [pid 7427] <... mknodat resumed>) = 0 [pid 7426] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7426] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7427] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7427] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7428 attached [pid 7428] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7428] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7428] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7428] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7428] chdir(".") = 0 [pid 7428] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7426] <... futex resumed>) = 0 [pid 7426] exit_group(0 [pid 7427] <... futex resumed>) = ? [pid 7426] <... exit_group resumed>) = ? [pid 7427] +++ exited with 0 +++ [pid 7428] <... futex resumed>) = ? [pid 7428] +++ exited with 0 +++ [pid 7426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7426, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./806", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./806", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./806/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./806/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./806/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 162.138616][ T7427] loop0: detected capacity change from 0 to 1024 umount2("./806/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./806/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./806/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./806/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./806/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./806/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./806") = 0 mkdir("./807", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7429 ./strace-static-x86_64: Process 7429 attached [pid 7429] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7429] chdir("./807") = 0 [pid 7429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7429] setpgid(0, 0) = 0 [pid 7429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7429] write(3, "1000", 4) = 4 [pid 7429] close(3) = 0 [pid 7429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7429] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7429] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7429] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7430 attached [pid 7430] set_robust_list(0x7f546d3029e0, 24 [pid 7429] <... clone resumed>, parent_tid=[7430], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7430 [pid 7430] <... set_robust_list resumed>) = 0 [pid 7429] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7430] memfd_create("syzkaller", 0) = 3 [pid 7430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7430] munmap(0x7f5464ee2000, 524288) = 0 [pid 7430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7430] close(3) = 0 [pid 7430] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7430] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7430] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7430] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7430] ioctl(4, LOOP_CLR_FD) = 0 [pid 7430] close(4) = 0 [pid 7430] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7430] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7429] <... futex resumed>) = 0 [pid 7429] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7430] <... futex resumed>) = 0 [pid 7429] <... futex resumed>) = 1 [pid 7430] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7429] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7429] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7430] <... mknodat resumed>) = 0 [pid 7429] <... mprotect resumed>) = 0 [pid 7429] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7431], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7431 ./strace-static-x86_64: Process 7431 attached [pid 7429] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7431] set_robust_list(0x7f5464f619e0, 24 [pid 7430] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7429] <... futex resumed>) = 0 [pid 7431] <... set_robust_list resumed>) = 0 [pid 7430] <... futex resumed>) = 0 [pid 7429] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7431] mkdir(".", 0777 [pid 7430] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7431] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7431] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7431] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7431] chdir(".") = 0 [pid 7431] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7431] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7429] exit_group(0 [pid 7431] <... futex resumed>) = ? [pid 7430] <... futex resumed>) = ? [pid 7429] <... exit_group resumed>) = ? [pid 7431] +++ exited with 0 +++ [pid 7430] +++ exited with 0 +++ [pid 7429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7429, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./807", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./807", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 162.249539][ T7430] loop0: detected capacity change from 0 to 1024 umount2("./807/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./807/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./807/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./807/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./807/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./807/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./807/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./807/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./807/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./807") = 0 mkdir("./808", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7432 ./strace-static-x86_64: Process 7432 attached [pid 7432] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7432] chdir("./808") = 0 [pid 7432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7432] setpgid(0, 0) = 0 [pid 7432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7432] write(3, "1000", 4) = 4 [pid 7432] close(3) = 0 [pid 7432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7432] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7432] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7432] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7433 attached , parent_tid=[7433], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7433 [pid 7432] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7433] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7433] memfd_create("syzkaller", 0) = 3 [pid 7433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7433] munmap(0x7f5464ee2000, 524288) = 0 [pid 7433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7433] close(3) = 0 [pid 7433] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7433] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7433] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7433] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7433] ioctl(4, LOOP_CLR_FD) = 0 [pid 7433] close(4) = 0 [pid 7433] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7432] <... futex resumed>) = 0 [pid 7432] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7432] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7432] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7434], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7434 [pid 7432] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7433] <... futex resumed>) = 1 [pid 7433] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7434 attached [pid 7434] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7434] mkdir(".", 0777 [pid 7433] <... mknodat resumed>) = 0 [pid 7434] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7434] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7433] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7433] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7434] <... mount resumed>) = 0 [pid 7434] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7434] chdir(".") = 0 [pid 7434] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7432] <... futex resumed>) = 0 [pid 7432] exit_group(0 [pid 7434] ???( [pid 7432] <... exit_group resumed>) = ? [pid 7433] <... futex resumed>) = ? [pid 7434] <... ??? resumed>) = ? [pid 7433] +++ exited with 0 +++ [pid 7434] +++ exited with 0 +++ [pid 7432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7432, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./808", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./808", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 162.363762][ T7433] loop0: detected capacity change from 0 to 1024 umount2("./808/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./808/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./808/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./808/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./808/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./808/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./808/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./808/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./808/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./808") = 0 mkdir("./809", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7435 ./strace-static-x86_64: Process 7435 attached [pid 7435] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7435] chdir("./809") = 0 [pid 7435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7435] setpgid(0, 0) = 0 [pid 7435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7435] write(3, "1000", 4) = 4 [pid 7435] close(3) = 0 [pid 7435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7435] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7435] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7435] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7436], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7436 [pid 7435] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7436 attached [pid 7436] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7436] memfd_create("syzkaller", 0) = 3 [pid 7436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7436] munmap(0x7f5464ee2000, 524288) = 0 [pid 7436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7436] close(3) = 0 [pid 7436] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7436] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7436] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7436] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7436] ioctl(4, LOOP_CLR_FD) = 0 [pid 7436] close(4) = 0 [pid 7436] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7435] <... futex resumed>) = 0 [pid 7435] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7435] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7435] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7437], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7437 [pid 7435] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7436] <... futex resumed>) = 1 [pid 7436] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7437 attached [pid 7437] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7437] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7437] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7436] <... mknodat resumed>) = 0 [pid 7436] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7436] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7437] <... mount resumed>) = 0 [pid 7437] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7437] chdir(".") = 0 [pid 7437] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7435] <... futex resumed>) = 0 [pid 7435] exit_group(0) = ? [pid 7437] <... futex resumed>) = ? [pid 7437] +++ exited with 0 +++ [pid 7436] <... futex resumed>) = ? [pid 7436] +++ exited with 0 +++ [pid 7435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7435, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./809", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./809", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./809/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./809/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 162.471194][ T7436] loop0: detected capacity change from 0 to 1024 lstat("./809/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./809/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./809/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./809/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./809/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./809/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./809/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./809") = 0 mkdir("./810", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7438 ./strace-static-x86_64: Process 7438 attached [pid 7438] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7438] chdir("./810") = 0 [pid 7438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7438] setpgid(0, 0) = 0 [pid 7438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7438] write(3, "1000", 4) = 4 [pid 7438] close(3) = 0 [pid 7438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7438] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7438] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7438] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7439 attached [pid 7439] set_robust_list(0x7f546d3029e0, 24 [pid 7438] <... clone resumed>, parent_tid=[7439], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7439 [pid 7439] <... set_robust_list resumed>) = 0 [pid 7438] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7438] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7439] memfd_create("syzkaller", 0) = 3 [pid 7439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7439] munmap(0x7f5464ee2000, 524288) = 0 [pid 7439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7439] close(3) = 0 [pid 7439] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7439] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7439] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7439] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7439] ioctl(4, LOOP_CLR_FD) = 0 [pid 7439] close(4) = 0 [pid 7439] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7439] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7438] <... futex resumed>) = 0 [pid 7438] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7438] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7438] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7439] <... futex resumed>) = 0 [pid 7438] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7440], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7440 [pid 7438] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7438] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7439] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7440 attached [pid 7440] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7439] <... mknodat resumed>) = 0 [pid 7440] mkdir(".", 0777 [pid 7439] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7440] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7440] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7439] <... futex resumed>) = 0 [pid 7439] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7440] <... mount resumed>) = 0 [pid 7440] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7440] chdir(".") = 0 [pid 7440] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7438] <... futex resumed>) = 0 [pid 7438] exit_group(0) = ? [pid 7440] +++ exited with 0 +++ [pid 7439] <... futex resumed>) = ? [pid 7439] +++ exited with 0 +++ [pid 7438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7438, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./810", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./810", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./810/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 162.609283][ T7439] loop0: detected capacity change from 0 to 1024 umount2("./810/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./810/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./810/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./810/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./810/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./810/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./810/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./810/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./810") = 0 mkdir("./811", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7441 ./strace-static-x86_64: Process 7441 attached [pid 7441] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7441] chdir("./811") = 0 [pid 7441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7441] setpgid(0, 0) = 0 [pid 7441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7441] write(3, "1000", 4) = 4 [pid 7441] close(3) = 0 [pid 7441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7441] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7441] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7441] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7442 attached , parent_tid=[7442], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7442 [pid 7441] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7442] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7442] memfd_create("syzkaller", 0) = 3 [pid 7442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7442] munmap(0x7f5464ee2000, 524288) = 0 [pid 7442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7442] close(3) = 0 [pid 7442] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7442] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7442] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7442] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7442] ioctl(4, LOOP_CLR_FD) = 0 [pid 7442] close(4) = 0 [pid 7442] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7441] <... futex resumed>) = 0 [pid 7441] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7441] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7441] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7443], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7443 [pid 7441] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7442] <... futex resumed>) = 1 [pid 7442] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7442] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7442] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7443 attached [pid 7443] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7443] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7443] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7443] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7443] chdir(".") = 0 [pid 7443] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7441] <... futex resumed>) = 0 [pid 7441] exit_group(0 [pid 7442] <... futex resumed>) = ? [pid 7441] <... exit_group resumed>) = ? [pid 7442] +++ exited with 0 +++ [pid 7443] <... futex resumed>) = ? [pid 7443] +++ exited with 0 +++ [pid 7441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7441, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./811", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./811", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 162.711086][ T7442] loop0: detected capacity change from 0 to 1024 umount2("./811/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./811/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./811/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./811/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./811/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./811/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./811/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./811/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./811/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./811") = 0 mkdir("./812", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7444 ./strace-static-x86_64: Process 7444 attached [pid 7444] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7444] chdir("./812") = 0 [pid 7444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7444] setpgid(0, 0) = 0 [pid 7444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7444] write(3, "1000", 4) = 4 [pid 7444] close(3) = 0 [pid 7444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7444] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7444] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7444] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7445], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7445 [pid 7444] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7444] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7445 attached [pid 7445] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7445] memfd_create("syzkaller", 0) = 3 [pid 7445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7445] munmap(0x7f5464ee2000, 524288) = 0 [pid 7445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7445] close(3) = 0 [pid 7445] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7445] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7445] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7445] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7445] ioctl(4, LOOP_CLR_FD) = 0 [pid 7445] close(4) = 0 [pid 7445] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7444] <... futex resumed>) = 0 [pid 7444] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7444] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7444] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7444] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7446], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7446 [pid 7444] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7444] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7445] <... futex resumed>) = 1 [pid 7445] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7445] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7445] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7446 attached [pid 7446] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7446] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7446] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7446] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7446] chdir(".") = 0 [pid 7446] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7444] <... futex resumed>) = 0 [pid 7444] exit_group(0) = ? [pid 7445] <... futex resumed>) = ? [pid 7445] +++ exited with 0 +++ [pid 7446] +++ exited with 0 +++ [pid 7444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7444, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./812", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./812", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 162.824106][ T7445] loop0: detected capacity change from 0 to 1024 umount2("./812/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./812/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./812/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./812/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./812/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./812/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./812/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./812/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./812/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./812") = 0 mkdir("./813", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7447 ./strace-static-x86_64: Process 7447 attached [pid 7447] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7447] chdir("./813") = 0 [pid 7447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7447] setpgid(0, 0) = 0 [pid 7447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7447] write(3, "1000", 4) = 4 [pid 7447] close(3) = 0 [pid 7447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7447] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7447] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7447] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7448], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7448 [pid 7447] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7447] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7448 attached [pid 7448] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7448] memfd_create("syzkaller", 0) = 3 [pid 7448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7448] munmap(0x7f5464ee2000, 524288) = 0 [pid 7448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7448] close(3) = 0 [pid 7448] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7448] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7448] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7448] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7448] ioctl(4, LOOP_CLR_FD) = 0 [pid 7448] close(4) = 0 [pid 7448] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7447] <... futex resumed>) = 0 [pid 7447] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7447] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7447] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7447] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7449], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7449 [pid 7447] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7447] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7448] <... futex resumed>) = 1 [pid 7448] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7448] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7448] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7449 attached [pid 7449] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7449] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7449] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7449] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7449] chdir(".") = 0 [pid 7449] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7447] <... futex resumed>) = 0 [pid 7449] <... futex resumed>) = 1 [pid 7449] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7447] exit_group(0) = ? [pid 7449] <... futex resumed>) = ? [pid 7448] <... futex resumed>) = ? [pid 7449] +++ exited with 0 +++ [pid 7448] +++ exited with 0 +++ [pid 7447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7447, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./813", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./813", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./813/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 162.922617][ T7448] loop0: detected capacity change from 0 to 1024 umount2("./813/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./813/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./813/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./813/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./813/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./813/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./813/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./813/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./813") = 0 mkdir("./814", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7450 ./strace-static-x86_64: Process 7450 attached [pid 7450] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7450] chdir("./814") = 0 [pid 7450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7450] setpgid(0, 0) = 0 [pid 7450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7450] write(3, "1000", 4) = 4 [pid 7450] close(3) = 0 [pid 7450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7450] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7450] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7450] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7451], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7451 [pid 7450] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7451 attached [pid 7451] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7451] memfd_create("syzkaller", 0) = 3 [pid 7451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7451] munmap(0x7f5464ee2000, 524288) = 0 [pid 7451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7451] close(3) = 0 [pid 7451] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7451] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7451] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7451] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7451] ioctl(4, LOOP_CLR_FD) = 0 [pid 7451] close(4) = 0 [pid 7451] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7450] <... futex resumed>) = 0 [pid 7451] <... futex resumed>) = 1 [pid 7450] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7451] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7450] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7450] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7452], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7452 [pid 7450] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] <... mknodat resumed>) = 0 [pid 7451] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7451] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7452 attached [pid 7452] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7452] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7452] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7452] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7452] chdir(".") = 0 [pid 7452] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7452] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7450] <... futex resumed>) = 0 [pid 7450] exit_group(0) = ? [pid 7451] <... futex resumed>) = ? [pid 7452] <... futex resumed>) = ? [pid 7452] +++ exited with 0 +++ [pid 7451] +++ exited with 0 +++ [pid 7450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7450, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./814", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./814", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./814/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 163.036258][ T7451] loop0: detected capacity change from 0 to 1024 umount2("./814/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./814/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./814/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./814/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./814/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./814/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./814/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./814/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./814") = 0 mkdir("./815", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7453 ./strace-static-x86_64: Process 7453 attached [pid 7453] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7453] chdir("./815") = 0 [pid 7453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7453] setpgid(0, 0) = 0 [pid 7453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7453] write(3, "1000", 4) = 4 [pid 7453] close(3) = 0 [pid 7453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7453] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7453] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7453] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7454 attached , parent_tid=[7454], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7454 [pid 7453] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7453] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7454] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7454] memfd_create("syzkaller", 0) = 3 [pid 7454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7454] munmap(0x7f5464ee2000, 524288) = 0 [pid 7454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7454] close(3) = 0 [pid 7454] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7454] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7454] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7454] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7454] ioctl(4, LOOP_CLR_FD) = 0 [pid 7454] close(4) = 0 [pid 7454] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7453] <... futex resumed>) = 0 [pid 7454] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7453] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7453] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7453] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7453] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7455], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7455 [pid 7453] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7453] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7454] <... mknodat resumed>) = 0 [pid 7454] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7454] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7455 attached [pid 7455] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7455] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7455] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7455] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7455] chdir(".") = 0 [pid 7455] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7453] <... futex resumed>) = 0 [pid 7455] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7453] exit_group(0 [pid 7455] <... futex resumed>) = ? [pid 7454] <... futex resumed>) = ? [pid 7453] <... exit_group resumed>) = ? [pid 7455] +++ exited with 0 +++ [pid 7454] +++ exited with 0 +++ [pid 7453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7453, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./815", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./815", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./815/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./815/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./815/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./815/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./815/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 163.164696][ T7454] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./815/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./815/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./815/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./815/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./815") = 0 mkdir("./816", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7456 ./strace-static-x86_64: Process 7456 attached [pid 7456] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7456] chdir("./816") = 0 [pid 7456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7456] setpgid(0, 0) = 0 [pid 7456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7456] write(3, "1000", 4) = 4 [pid 7456] close(3) = 0 [pid 7456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7456] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7456] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7456] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7457 attached , parent_tid=[7457], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7457 [pid 7456] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7456] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7457] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7457] memfd_create("syzkaller", 0) = 3 [pid 7457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7457] munmap(0x7f5464ee2000, 524288) = 0 [pid 7457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7457] close(3) = 0 [pid 7457] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7457] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7457] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7457] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7457] ioctl(4, LOOP_CLR_FD) = 0 [pid 7457] close(4) = 0 [pid 7457] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7456] <... futex resumed>) = 0 [pid 7456] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7456] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7457] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7456] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7456] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7458], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7458 [pid 7456] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7456] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7458 attached [pid 7458] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7458] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7458] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7457] <... mknodat resumed>) = 0 [pid 7457] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7457] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7458] <... mount resumed>) = 0 [pid 7458] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7458] chdir(".") = 0 [pid 7458] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7456] <... futex resumed>) = 0 [pid 7458] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7456] exit_group(0) = ? [pid 7458] <... futex resumed>) = ? [pid 7458] +++ exited with 0 +++ [pid 7457] <... futex resumed>) = ? [pid 7457] +++ exited with 0 +++ [pid 7456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7456, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./816", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./816", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 163.271199][ T7457] loop0: detected capacity change from 0 to 1024 umount2("./816/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./816/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./816/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./816/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./816/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./816/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./816/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./816/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./816/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./816") = 0 mkdir("./817", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7459 ./strace-static-x86_64: Process 7459 attached [pid 7459] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7459] chdir("./817") = 0 [pid 7459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7459] setpgid(0, 0) = 0 [pid 7459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7459] write(3, "1000", 4) = 4 [pid 7459] close(3) = 0 [pid 7459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7459] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7459] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7459] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7460], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7460 [pid 7459] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7459] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7460 attached [pid 7460] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7460] memfd_create("syzkaller", 0) = 3 [pid 7460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7460] munmap(0x7f5464ee2000, 524288) = 0 [pid 7460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7460] close(3) = 0 [pid 7460] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7460] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7460] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7460] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7460] ioctl(4, LOOP_CLR_FD) = 0 [pid 7460] close(4) = 0 [pid 7460] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7459] <... futex resumed>) = 0 [pid 7459] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7459] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7459] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7459] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7461], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7461 [pid 7459] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7459] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7460] <... futex resumed>) = 1 [pid 7460] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7460] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7460] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7461 attached [pid 7461] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7461] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7461] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7461] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7461] chdir(".") = 0 [pid 7461] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7459] <... futex resumed>) = 0 [pid 7459] exit_group(0) = ? [pid 7461] +++ exited with 0 +++ [pid 7460] <... futex resumed>) = ? [pid 7460] +++ exited with 0 +++ [pid 7459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7459, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./817", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./817", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./817/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./817/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./817/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./817/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./817/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 163.374572][ T7460] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./817/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./817/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./817/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./817/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./817") = 0 mkdir("./818", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7462 ./strace-static-x86_64: Process 7462 attached [pid 7462] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7462] chdir("./818") = 0 [pid 7462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7462] setpgid(0, 0) = 0 [pid 7462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7462] write(3, "1000", 4) = 4 [pid 7462] close(3) = 0 [pid 7462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7462] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7462] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7462] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7463], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7463 [pid 7462] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7462] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7463 attached [pid 7463] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7463] memfd_create("syzkaller", 0) = 3 [pid 7463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7463] munmap(0x7f5464ee2000, 524288) = 0 [pid 7463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7463] close(3) = 0 [pid 7463] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7463] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7463] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7463] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7463] ioctl(4, LOOP_CLR_FD) = 0 [pid 7463] close(4) = 0 [pid 7463] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7463] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7462] <... futex resumed>) = 0 [pid 7462] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7463] <... futex resumed>) = 0 [pid 7462] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7463] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7462] <... futex resumed>) = 0 [pid 7462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7462] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7462] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7464 attached , parent_tid=[7464], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7464 [pid 7462] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7464] set_robust_list(0x7f5464f619e0, 24 [pid 7462] <... futex resumed>) = 0 [pid 7463] <... mknodat resumed>) = 0 [pid 7462] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7464] <... set_robust_list resumed>) = 0 [pid 7463] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7463] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7464] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7464] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7464] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7464] chdir(".") = 0 [pid 7464] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7462] <... futex resumed>) = 0 [pid 7462] exit_group(0 [pid 7463] <... futex resumed>) = ? [pid 7462] <... exit_group resumed>) = ? [pid 7463] +++ exited with 0 +++ [pid 7464] +++ exited with 0 +++ [pid 7462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7462, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./818", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./818", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./818/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./818/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./818/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./818/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./818/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./818/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./818/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./818/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./818/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./818") = 0 mkdir("./819", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 163.469188][ T7463] loop0: detected capacity change from 0 to 1024 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7465 ./strace-static-x86_64: Process 7465 attached [pid 7465] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7465] chdir("./819") = 0 [pid 7465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7465] setpgid(0, 0) = 0 [pid 7465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7465] write(3, "1000", 4) = 4 [pid 7465] close(3) = 0 [pid 7465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7465] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7465] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7465] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7466 attached [pid 7466] set_robust_list(0x7f546d3029e0, 24 [pid 7465] <... clone resumed>, parent_tid=[7466], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7466 [pid 7465] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7465] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7466] <... set_robust_list resumed>) = 0 [pid 7466] memfd_create("syzkaller", 0) = 3 [pid 7466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7466] munmap(0x7f5464ee2000, 524288) = 0 [pid 7466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7466] close(3) = 0 [pid 7466] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7466] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7466] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7466] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7466] ioctl(4, LOOP_CLR_FD) = 0 [pid 7466] close(4) = 0 [pid 7466] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7466] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7465] <... futex resumed>) = 0 [pid 7465] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7466] <... futex resumed>) = 0 [pid 7465] <... futex resumed>) = 1 [pid 7466] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7465] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7465] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7466] <... mknodat resumed>) = 0 [pid 7465] <... mprotect resumed>) = 0 [pid 7466] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7465] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7466] <... futex resumed>) = 0 [pid 7466] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7467 attached [pid 7465] <... clone resumed>, parent_tid=[7467], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7467 [pid 7465] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7465] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7467] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7467] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7467] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7467] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7467] chdir(".") = 0 [pid 7467] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7465] <... futex resumed>) = 0 [pid 7465] exit_group(0 [pid 7466] <... futex resumed>) = ? [pid 7465] <... exit_group resumed>) = ? [pid 7466] +++ exited with 0 +++ [pid 7467] +++ exited with 0 +++ [pid 7465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7465, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./819", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./819", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 163.564214][ T7466] loop0: detected capacity change from 0 to 1024 umount2("./819/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./819/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./819/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./819/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./819/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./819/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./819/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./819/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./819/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./819") = 0 mkdir("./820", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7468 attached , child_tidptr=0x5555561b25d0) = 7468 [pid 7468] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7468] chdir("./820") = 0 [pid 7468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7468] setpgid(0, 0) = 0 [pid 7468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7468] write(3, "1000", 4) = 4 [pid 7468] close(3) = 0 [pid 7468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7468] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7468] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7468] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7469], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7469 [pid 7468] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7468] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7469 attached [pid 7469] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7469] memfd_create("syzkaller", 0) = 3 [pid 7469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7469] munmap(0x7f5464ee2000, 524288) = 0 [pid 7469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7469] close(3) = 0 [pid 7469] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7469] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7469] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7469] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7469] ioctl(4, LOOP_CLR_FD) = 0 [pid 7469] close(4) = 0 [pid 7469] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7468] <... futex resumed>) = 0 [pid 7469] <... futex resumed>) = 1 [pid 7468] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7469] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7468] <... futex resumed>) = 0 [pid 7468] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7468] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7468] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7470], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7470 [pid 7468] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7468] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7469] <... mknodat resumed>) = 0 ./strace-static-x86_64: Process 7470 attached [pid 7470] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7470] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7470] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7469] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7470] <... mount resumed>) = 0 [pid 7470] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7470] chdir(".") = 0 [pid 7469] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7470] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7468] <... futex resumed>) = 0 [pid 7468] exit_group(0) = ? [pid 7470] <... futex resumed>) = ? [pid 7470] +++ exited with 0 +++ [pid 7469] <... futex resumed>) = ? [pid 7469] +++ exited with 0 +++ [pid 7468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7468, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./820", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./820", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./820/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./820/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./820/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./820/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./820/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./820/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./820/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./820/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./820/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./820") = 0 mkdir("./821", 0777) = 0 [ 163.669874][ T7469] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7471 ./strace-static-x86_64: Process 7471 attached [pid 7471] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7471] chdir("./821") = 0 [pid 7471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7471] setpgid(0, 0) = 0 [pid 7471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7471] write(3, "1000", 4) = 4 [pid 7471] close(3) = 0 [pid 7471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7471] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7471] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7471] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7472], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7472 ./strace-static-x86_64: Process 7472 attached [pid 7471] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7471] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7472] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7472] memfd_create("syzkaller", 0) = 3 [pid 7472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7472] munmap(0x7f5464ee2000, 524288) = 0 [pid 7472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7472] close(3) = 0 [pid 7472] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7472] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7472] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7472] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7472] ioctl(4, LOOP_CLR_FD) = 0 [pid 7472] close(4) = 0 [pid 7472] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7471] <... futex resumed>) = 0 [pid 7471] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7471] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7471] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7471] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7473], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7473 [pid 7471] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7471] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7472] <... futex resumed>) = 1 [pid 7472] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7472] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7472] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7473 attached [pid 7473] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7473] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7473] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7473] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7473] chdir(".") = 0 [pid 7473] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7471] <... futex resumed>) = 0 [pid 7471] exit_group(0 [pid 7472] <... futex resumed>) = ? [pid 7471] <... exit_group resumed>) = ? [pid 7472] +++ exited with 0 +++ [pid 7473] <... futex resumed>) = ? [pid 7473] +++ exited with 0 +++ [pid 7471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7471, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./821", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./821", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./821/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./821/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./821/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./821/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 163.763421][ T7472] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./821/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./821/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./821/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./821/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./821/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./821") = 0 mkdir("./822", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7474 ./strace-static-x86_64: Process 7474 attached [pid 7474] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7474] chdir("./822") = 0 [pid 7474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7474] setpgid(0, 0) = 0 [pid 7474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7474] write(3, "1000", 4) = 4 [pid 7474] close(3) = 0 [pid 7474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7474] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7474] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7474] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7475 attached , parent_tid=[7475], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7475 [pid 7475] set_robust_list(0x7f546d3029e0, 24 [pid 7474] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7475] <... set_robust_list resumed>) = 0 [pid 7474] <... futex resumed>) = 0 [pid 7474] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7475] memfd_create("syzkaller", 0) = 3 [pid 7475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7475] munmap(0x7f5464ee2000, 524288) = 0 [pid 7475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7475] close(3) = 0 [pid 7475] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7475] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7475] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7475] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7475] ioctl(4, LOOP_CLR_FD) = 0 [pid 7475] close(4) = 0 [pid 7475] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7474] <... futex resumed>) = 0 [pid 7475] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7474] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7474] <... futex resumed>) = 0 [pid 7475] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7474] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7474] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7474] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7475] <... mknodat resumed>) = 0 [pid 7474] <... clone resumed>, parent_tid=[7476], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7476 [pid 7474] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7474] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7475] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7475] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7476 attached [pid 7476] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7476] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7476] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7476] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7476] chdir(".") = 0 [pid 7476] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7474] <... futex resumed>) = 0 [pid 7476] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7474] exit_group(0 [pid 7476] <... futex resumed>) = ? [pid 7475] <... futex resumed>) = ? [pid 7474] <... exit_group resumed>) = ? [pid 7476] +++ exited with 0 +++ [pid 7475] +++ exited with 0 +++ [pid 7474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7474, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./822", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./822", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 163.876102][ T7475] loop0: detected capacity change from 0 to 1024 umount2("./822/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./822/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./822/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./822/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./822/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./822/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./822/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./822/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./822/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./822") = 0 mkdir("./823", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7477 attached , child_tidptr=0x5555561b25d0) = 7477 [pid 7477] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7477] chdir("./823") = 0 [pid 7477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7477] setpgid(0, 0) = 0 [pid 7477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7477] write(3, "1000", 4) = 4 [pid 7477] close(3) = 0 [pid 7477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7477] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7477] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7477] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7478 attached , parent_tid=[7478], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7478 [pid 7478] set_robust_list(0x7f546d3029e0, 24 [pid 7477] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7478] <... set_robust_list resumed>) = 0 [pid 7477] <... futex resumed>) = 0 [pid 7477] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7478] memfd_create("syzkaller", 0) = 3 [pid 7478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7478] munmap(0x7f5464ee2000, 524288) = 0 [pid 7478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7478] close(3) = 0 [pid 7478] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7478] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7478] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7478] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7478] ioctl(4, LOOP_CLR_FD) = 0 [pid 7478] close(4) = 0 [pid 7478] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7477] <... futex resumed>) = 0 [pid 7478] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7477] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7477] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7477] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7477] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7479], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7479 [pid 7477] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7477] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7478] <... futex resumed>) = 0 [pid 7478] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7478] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7478] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7479 attached [pid 7479] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7479] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7479] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7479] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7479] chdir(".") = 0 [pid 7479] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7477] <... futex resumed>) = 0 [pid 7479] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7477] exit_group(0 [pid 7479] <... futex resumed>) = ? [pid 7477] <... exit_group resumed>) = ? [pid 7479] +++ exited with 0 +++ [pid 7478] <... futex resumed>) = ? [pid 7478] +++ exited with 0 +++ [pid 7477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7477, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./823", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./823", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./823/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./823/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./823/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./823/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./823/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./823/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./823/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./823/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./823/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./823") = 0 mkdir("./824", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 163.992920][ T7478] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7480 ./strace-static-x86_64: Process 7480 attached [pid 7480] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7480] chdir("./824") = 0 [pid 7480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7480] setpgid(0, 0) = 0 [pid 7480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7480] write(3, "1000", 4) = 4 [pid 7480] close(3) = 0 [pid 7480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7480] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7480] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7480] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7481], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7481 [pid 7480] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7480] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7481 attached [pid 7481] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7481] memfd_create("syzkaller", 0) = 3 [pid 7481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7481] munmap(0x7f5464ee2000, 524288) = 0 [pid 7481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7481] close(3) = 0 [pid 7481] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7481] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7481] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7481] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7481] ioctl(4, LOOP_CLR_FD) = 0 [pid 7481] close(4) = 0 [pid 7481] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7481] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7480] <... futex resumed>) = 0 [pid 7480] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7481] <... futex resumed>) = 0 [pid 7481] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7480] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7480] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7480] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7482], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7482 [pid 7480] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7481] <... mknodat resumed>) = 0 [pid 7480] <... futex resumed>) = 0 [pid 7481] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7480] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7481] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7482 attached [pid 7481] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7482] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7482] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7482] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7482] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7482] chdir(".") = 0 [pid 7482] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7480] <... futex resumed>) = 0 [pid 7480] exit_group(0 [pid 7481] <... futex resumed>) = ? [ 164.091247][ T7481] loop0: detected capacity change from 0 to 1024 [pid 7480] <... exit_group resumed>) = ? [pid 7481] +++ exited with 0 +++ [pid 7482] <... futex resumed>) = ? [pid 7482] +++ exited with 0 +++ [pid 7480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7480, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./824", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./824", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./824/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./824/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./824/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./824/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./824/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./824/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./824/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./824/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./824/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./824") = 0 mkdir("./825", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7483 ./strace-static-x86_64: Process 7483 attached [pid 7483] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7483] chdir("./825") = 0 [pid 7483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7483] setpgid(0, 0) = 0 [pid 7483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7483] write(3, "1000", 4) = 4 [pid 7483] close(3) = 0 [pid 7483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7483] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7483] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7483] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7484 attached [pid 7484] set_robust_list(0x7f546d3029e0, 24 [pid 7483] <... clone resumed>, parent_tid=[7484], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7484 [pid 7484] <... set_robust_list resumed>) = 0 [pid 7483] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7483] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7484] memfd_create("syzkaller", 0) = 3 [pid 7484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7484] munmap(0x7f5464ee2000, 524288) = 0 [pid 7484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7484] close(3) = 0 [pid 7484] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7484] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7484] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7484] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7484] ioctl(4, LOOP_CLR_FD) = 0 [pid 7484] close(4) = 0 [pid 7484] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7483] <... futex resumed>) = 0 [pid 7484] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7483] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7483] <... futex resumed>) = 0 [pid 7484] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7483] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7483] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7484] <... mknodat resumed>) = 0 [pid 7483] <... mprotect resumed>) = 0 [pid 7483] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7485], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7485 [pid 7483] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7484] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7483] <... futex resumed>) = 0 [pid 7484] <... futex resumed>) = 0 [pid 7483] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7484] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7485 attached [pid 7485] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7485] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7485] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7485] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7485] chdir(".") = 0 [pid 7485] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7483] <... futex resumed>) = 0 [pid 7485] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7483] exit_group(0 [pid 7485] <... futex resumed>) = ? [pid 7484] <... futex resumed>) = ? [pid 7483] <... exit_group resumed>) = ? [pid 7485] +++ exited with 0 +++ [pid 7484] +++ exited with 0 +++ [pid 7483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7483, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./825", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./825", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 164.217588][ T7484] loop0: detected capacity change from 0 to 1024 umount2("./825/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./825/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./825/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./825/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./825/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./825/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./825/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./825/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./825/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./825") = 0 mkdir("./826", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7486 ./strace-static-x86_64: Process 7486 attached [pid 7486] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7486] chdir("./826") = 0 [pid 7486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7486] setpgid(0, 0) = 0 [pid 7486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7486] write(3, "1000", 4) = 4 [pid 7486] close(3) = 0 [pid 7486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7486] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7486] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7486] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7487 attached , parent_tid=[7487], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7487 [pid 7487] set_robust_list(0x7f546d3029e0, 24 [pid 7486] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7487] <... set_robust_list resumed>) = 0 [pid 7486] <... futex resumed>) = 0 [pid 7487] memfd_create("syzkaller", 0 [pid 7486] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7487] <... memfd_create resumed>) = 3 [pid 7487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7487] munmap(0x7f5464ee2000, 524288) = 0 [pid 7487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7487] close(3) = 0 [pid 7487] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7487] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7487] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7487] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7487] ioctl(4, LOOP_CLR_FD) = 0 [pid 7487] close(4) = 0 [pid 7487] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7487] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7486] <... futex resumed>) = 0 [pid 7486] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7486] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7486] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7486] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7488], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7488 [pid 7486] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7486] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7487] <... futex resumed>) = 0 [pid 7487] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7488 attached [pid 7488] set_robust_list(0x7f5464f619e0, 24 [pid 7487] <... mknodat resumed>) = 0 [pid 7487] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7487] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7488] <... set_robust_list resumed>) = 0 [pid 7488] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7488] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7488] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7488] chdir(".") = 0 [pid 7488] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7486] <... futex resumed>) = 0 [pid 7486] exit_group(0 [pid 7487] <... futex resumed>) = ? [pid 7486] <... exit_group resumed>) = ? [pid 7487] +++ exited with 0 +++ [pid 7488] <... futex resumed>) = ? [pid 7488] +++ exited with 0 +++ [pid 7486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7486, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./826", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./826", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 164.318300][ T7487] loop0: detected capacity change from 0 to 1024 umount2("./826/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./826/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./826/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./826/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./826/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./826/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./826/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./826/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./826/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./826") = 0 mkdir("./827", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7489 ./strace-static-x86_64: Process 7489 attached [pid 7489] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7489] chdir("./827") = 0 [pid 7489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7489] setpgid(0, 0) = 0 [pid 7489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7489] write(3, "1000", 4) = 4 [pid 7489] close(3) = 0 [pid 7489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7489] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7489] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7489] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7490], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7490 [pid 7489] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7490 attached [pid 7490] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7490] memfd_create("syzkaller", 0) = 3 [pid 7490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7490] munmap(0x7f5464ee2000, 524288) = 0 [pid 7490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7490] close(3) = 0 [pid 7490] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7490] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7490] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7490] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7490] ioctl(4, LOOP_CLR_FD) = 0 [pid 7490] close(4) = 0 [pid 7490] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7490] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7489] <... futex resumed>) = 0 [pid 7489] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7489] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7489] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7489] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7490] <... futex resumed>) = 0 [pid 7489] <... clone resumed>, parent_tid=[7491], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7491 [pid 7489] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7490] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7491 attached [pid 7491] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7491] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7491] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7490] <... mknodat resumed>) = 0 [pid 7490] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7491] <... mount resumed>) = 0 [pid 7491] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7491] chdir("." [pid 7490] <... futex resumed>) = 0 [pid 7490] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7491] <... chdir resumed>) = 0 [pid 7491] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7489] <... futex resumed>) = 0 [pid 7491] <... futex resumed>) = 1 [pid 7489] exit_group(0) = ? [pid 7490] <... futex resumed>) = ? [pid 7491] +++ exited with 0 +++ [pid 7490] +++ exited with 0 +++ [pid 7489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7489, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./827", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./827", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 164.422963][ T7490] loop0: detected capacity change from 0 to 1024 umount2("./827/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./827/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./827/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./827/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./827/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./827/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./827/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./827/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./827/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./827") = 0 mkdir("./828", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7492 ./strace-static-x86_64: Process 7492 attached [pid 7492] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7492] chdir("./828") = 0 [pid 7492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7492] setpgid(0, 0) = 0 [pid 7492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7492] write(3, "1000", 4) = 4 [pid 7492] close(3) = 0 [pid 7492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7492] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7492] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7492] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7493 attached , parent_tid=[7493], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7493 [pid 7493] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7493] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7492] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7493] <... futex resumed>) = 0 [pid 7492] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7493] memfd_create("syzkaller", 0) = 3 [pid 7493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7493] munmap(0x7f5464ee2000, 524288) = 0 [pid 7493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7493] close(3) = 0 [pid 7493] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7493] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7493] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7493] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7493] ioctl(4, LOOP_CLR_FD) = 0 [pid 7493] close(4) = 0 [pid 7493] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7493] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7492] <... futex resumed>) = 0 [pid 7492] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7493] <... futex resumed>) = 0 [pid 7492] <... futex resumed>) = 1 [pid 7493] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7492] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7492] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7492] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7493] <... mknodat resumed>) = 0 [pid 7492] <... clone resumed>, parent_tid=[7494], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7494 [pid 7492] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7493] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7492] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7494 attached [pid 7493] <... futex resumed>) = 0 [pid 7493] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7494] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7494] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7494] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7494] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7494] chdir(".") = 0 [pid 7494] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7492] <... futex resumed>) = 0 [pid 7494] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7492] exit_group(0 [pid 7494] <... futex resumed>) = ? [pid 7493] <... futex resumed>) = ? [pid 7492] <... exit_group resumed>) = ? [pid 7494] +++ exited with 0 +++ [pid 7493] +++ exited with 0 +++ [pid 7492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7492, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./828", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./828", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./828/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 164.544820][ T7493] loop0: detected capacity change from 0 to 1024 umount2("./828/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./828/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./828/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./828/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./828/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./828/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./828/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./828/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./828") = 0 mkdir("./829", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7495 ./strace-static-x86_64: Process 7495 attached [pid 7495] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7495] chdir("./829") = 0 [pid 7495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7495] setpgid(0, 0) = 0 [pid 7495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7495] write(3, "1000", 4) = 4 [pid 7495] close(3) = 0 [pid 7495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7495] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7495] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7495] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7496 attached , parent_tid=[7496], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7496 [pid 7495] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7495] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7496] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7496] memfd_create("syzkaller", 0) = 3 [pid 7496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7496] munmap(0x7f5464ee2000, 524288) = 0 [pid 7496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7496] close(3) = 0 [pid 7496] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7496] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7496] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7496] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7496] ioctl(4, LOOP_CLR_FD) = 0 [pid 7496] close(4) = 0 [pid 7496] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7495] <... futex resumed>) = 0 [pid 7495] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7495] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7496] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7495] <... mmap resumed>) = 0x7f5464f41000 [pid 7495] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7495] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7497], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7497 [pid 7495] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7495] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7497 attached [pid 7496] <... mknodat resumed>) = 0 [pid 7497] set_robust_list(0x7f5464f619e0, 24 [pid 7496] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7497] <... set_robust_list resumed>) = 0 [pid 7496] <... futex resumed>) = 0 [pid 7497] mkdir(".", 0777 [pid 7496] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7497] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7497] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7497] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7497] chdir(".") = 0 [pid 7497] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7495] <... futex resumed>) = 0 [pid 7495] exit_group(0) = ? [pid 7497] <... futex resumed>) = ? [pid 7496] <... futex resumed>) = ? [pid 7497] +++ exited with 0 +++ [pid 7496] +++ exited with 0 +++ [pid 7495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7495, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./829", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./829", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./829/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./829/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./829/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./829/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 164.654514][ T7496] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./829/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./829/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./829/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./829/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./829/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./829") = 0 mkdir("./830", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7498 ./strace-static-x86_64: Process 7498 attached [pid 7498] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7498] chdir("./830") = 0 [pid 7498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7498] setpgid(0, 0) = 0 [pid 7498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7498] write(3, "1000", 4) = 4 [pid 7498] close(3) = 0 [pid 7498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7498] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7498] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7498] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7499], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7499 [pid 7498] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7499 attached [pid 7498] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7499] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7499] memfd_create("syzkaller", 0) = 3 [pid 7499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7499] munmap(0x7f5464ee2000, 524288) = 0 [pid 7499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7499] close(3) = 0 [pid 7499] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7499] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7499] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7499] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7499] ioctl(4, LOOP_CLR_FD) = 0 [pid 7499] close(4) = 0 [pid 7499] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7498] <... futex resumed>) = 0 [pid 7498] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7498] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7498] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7498] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7499] <... futex resumed>) = 1 [pid 7499] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7498] <... clone resumed>, parent_tid=[7500], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7500 ./strace-static-x86_64: Process 7500 attached [pid 7498] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7500] set_robust_list(0x7f5464f619e0, 24 [pid 7498] <... futex resumed>) = 0 [pid 7500] <... set_robust_list resumed>) = 0 [pid 7498] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7500] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7500] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7499] <... mknodat resumed>) = 0 [pid 7499] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7499] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7500] <... mount resumed>) = 0 [pid 7500] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7500] chdir(".") = 0 [pid 7500] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7498] <... futex resumed>) = 0 [pid 7498] exit_group(0) = ? [pid 7499] <... futex resumed>) = ? [pid 7499] +++ exited with 0 +++ [pid 7500] +++ exited with 0 +++ [pid 7498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7498, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./830", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./830", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./830/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 164.762825][ T7499] loop0: detected capacity change from 0 to 1024 umount2("./830/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./830/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./830/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./830/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./830/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./830/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./830/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./830/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./830") = 0 mkdir("./831", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7501 attached , child_tidptr=0x5555561b25d0) = 7501 [pid 7501] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7501] chdir("./831") = 0 [pid 7501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7501] setpgid(0, 0) = 0 [pid 7501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7501] write(3, "1000", 4) = 4 [pid 7501] close(3) = 0 [pid 7501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7501] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7501] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7501] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7502 attached , parent_tid=[7502], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7502 [pid 7502] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7502] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7501] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7501] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7502] memfd_create("syzkaller", 0) = 3 [pid 7502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7502] munmap(0x7f5464ee2000, 524288) = 0 [pid 7502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7502] close(3) = 0 [pid 7502] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7502] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7502] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7502] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7502] ioctl(4, LOOP_CLR_FD) = 0 [pid 7502] close(4) = 0 [pid 7502] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7501] <... futex resumed>) = 0 [pid 7501] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7501] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7501] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7501] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7503], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7503 [pid 7501] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7501] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7502] <... futex resumed>) = 1 [pid 7502] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7502] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7502] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7503 attached [pid 7503] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7503] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7503] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7503] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7503] chdir(".") = 0 [pid 7503] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7501] <... futex resumed>) = 0 [pid 7501] exit_group(0) = ? [pid 7503] +++ exited with 0 +++ [pid 7502] <... futex resumed>) = ? [pid 7502] +++ exited with 0 +++ [pid 7501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7501, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./831", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./831", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./831/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./831/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./831/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./831/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./831/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 [ 164.874020][ T7502] loop0: detected capacity change from 0 to 1024 close(4) = 0 rmdir("./831/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./831/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./831/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./831/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./831") = 0 mkdir("./832", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7504 ./strace-static-x86_64: Process 7504 attached [pid 7504] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7504] chdir("./832") = 0 [pid 7504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7504] setpgid(0, 0) = 0 [pid 7504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7504] write(3, "1000", 4) = 4 [pid 7504] close(3) = 0 [pid 7504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7504] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7504] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7504] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7505 attached , parent_tid=[7505], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7505 [pid 7504] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7504] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7505] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7505] memfd_create("syzkaller", 0) = 3 [pid 7505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7505] munmap(0x7f5464ee2000, 524288) = 0 [pid 7505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7505] close(3) = 0 [pid 7505] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7505] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7505] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7505] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7505] ioctl(4, LOOP_CLR_FD) = 0 [pid 7505] close(4) = 0 [pid 7505] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7504] <... futex resumed>) = 0 [pid 7505] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7504] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7504] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7504] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7504] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7506 attached [pid 7506] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7504] <... clone resumed>, parent_tid=[7506], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7506 [pid 7504] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7504] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7506] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7505] <... mknodat resumed>) = 0 [pid 7506] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7505] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7505] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7506] <... mount resumed>) = 0 [pid 7506] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [ 164.972313][ T7505] loop0: detected capacity change from 0 to 1024 [pid 7506] chdir(".") = 0 [pid 7506] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7504] <... futex resumed>) = 0 [pid 7506] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7504] exit_group(0 [pid 7506] <... futex resumed>) = ? [pid 7505] <... futex resumed>) = ? [pid 7504] <... exit_group resumed>) = ? [pid 7506] +++ exited with 0 +++ [pid 7505] +++ exited with 0 +++ [pid 7504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7504, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./832", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./832", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./832/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./832/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./832/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./832/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./832/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./832/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./832/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./832/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./832/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./832") = 0 mkdir("./833", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7507 ./strace-static-x86_64: Process 7507 attached [pid 7507] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7507] chdir("./833") = 0 [pid 7507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7507] setpgid(0, 0) = 0 [pid 7507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7507] write(3, "1000", 4) = 4 [pid 7507] close(3) = 0 [pid 7507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7507] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7507] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7507] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7508 attached [pid 7508] set_robust_list(0x7f546d3029e0, 24 [pid 7507] <... clone resumed>, parent_tid=[7508], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7508 [pid 7507] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7507] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7508] <... set_robust_list resumed>) = 0 [pid 7508] memfd_create("syzkaller", 0) = 3 [pid 7508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7508] munmap(0x7f5464ee2000, 524288) = 0 [pid 7508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7508] close(3) = 0 [pid 7508] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7508] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7508] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7508] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7508] ioctl(4, LOOP_CLR_FD) = 0 [pid 7508] close(4) = 0 [pid 7508] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7507] <... futex resumed>) = 0 [pid 7507] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7507] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7508] <... futex resumed>) = 1 [pid 7507] <... mmap resumed>) = 0x7f5464f41000 [pid 7507] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7508] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7507] <... mprotect resumed>) = 0 [pid 7507] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7509 attached [pid 7509] set_robust_list(0x7f5464f619e0, 24 [pid 7507] <... clone resumed>, parent_tid=[7509], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7509 [pid 7509] <... set_robust_list resumed>) = 0 [pid 7507] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7508] <... mknodat resumed>) = 0 [pid 7508] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7508] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7509] mkdir(".", 0777 [pid 7507] <... futex resumed>) = 0 [pid 7507] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7509] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7509] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7509] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7509] chdir(".") = 0 [pid 7509] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7509] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7507] <... futex resumed>) = 0 [pid 7507] exit_group(0) = ? [pid 7508] <... futex resumed>) = ? [pid 7508] +++ exited with 0 +++ [pid 7509] <... futex resumed>) = ? [pid 7509] +++ exited with 0 +++ [pid 7507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7507, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./833", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./833", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./833/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 165.088791][ T7508] loop0: detected capacity change from 0 to 1024 umount2("./833/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./833/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./833/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./833/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./833/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./833/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./833/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./833/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./833") = 0 mkdir("./834", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7510 attached , child_tidptr=0x5555561b25d0) = 7510 [pid 7510] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7510] chdir("./834") = 0 [pid 7510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7510] setpgid(0, 0) = 0 [pid 7510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7510] write(3, "1000", 4) = 4 [pid 7510] close(3) = 0 [pid 7510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7510] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7510] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7510] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7511 attached , parent_tid=[7511], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7511 [pid 7510] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7510] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7511] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7511] memfd_create("syzkaller", 0) = 3 [pid 7511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7511] munmap(0x7f5464ee2000, 524288) = 0 [pid 7511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7511] close(3) = 0 [pid 7511] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7511] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7511] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7511] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7511] ioctl(4, LOOP_CLR_FD) = 0 [pid 7511] close(4) = 0 [pid 7511] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7510] <... futex resumed>) = 0 [pid 7511] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7510] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7510] <... futex resumed>) = 0 [pid 7511] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7510] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7511] <... mknodat resumed>) = 0 [pid 7510] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7511] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7510] <... mprotect resumed>) = 0 [pid 7510] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7511] <... futex resumed>) = 0 [pid 7510] <... clone resumed>, parent_tid=[7512], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7512 [pid 7510] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7510] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7511] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7512 attached [pid 7512] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7512] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7512] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7512] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7512] chdir(".") = 0 [pid 7512] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7510] <... futex resumed>) = 0 [pid 7512] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7510] exit_group(0 [pid 7512] <... futex resumed>) = ? [pid 7510] <... exit_group resumed>) = ? [pid 7512] +++ exited with 0 +++ [pid 7511] <... futex resumed>) = ? [pid 7511] +++ exited with 0 +++ [pid 7510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7510, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./834", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./834", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 165.193525][ T7511] loop0: detected capacity change from 0 to 1024 umount2("./834/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./834/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./834/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./834/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./834/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./834/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./834/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./834/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./834/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./834") = 0 mkdir("./835", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7513 ./strace-static-x86_64: Process 7513 attached [pid 7513] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7513] chdir("./835") = 0 [pid 7513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7513] setpgid(0, 0) = 0 [pid 7513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7513] write(3, "1000", 4) = 4 [pid 7513] close(3) = 0 [pid 7513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7513] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7513] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7513] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7514 attached , parent_tid=[7514], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7514 [pid 7514] set_robust_list(0x7f546d3029e0, 24 [pid 7513] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7513] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7514] <... set_robust_list resumed>) = 0 [pid 7514] memfd_create("syzkaller", 0) = 3 [pid 7514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7514] munmap(0x7f5464ee2000, 524288) = 0 [pid 7514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7514] close(3) = 0 [pid 7514] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7514] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7514] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7514] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7514] ioctl(4, LOOP_CLR_FD) = 0 [pid 7514] close(4) = 0 [pid 7514] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7513] <... futex resumed>) = 0 [pid 7513] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7513] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7513] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7513] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7515], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7515 [pid 7513] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7513] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7514] <... futex resumed>) = 1 [pid 7514] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7515 attached ) = 0 [pid 7514] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7514] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7515] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7515] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7515] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7515] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7515] chdir(".") = 0 [pid 7515] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7513] <... futex resumed>) = 0 [pid 7515] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7513] exit_group(0 [pid 7515] <... futex resumed>) = ? [pid 7514] <... futex resumed>) = ? [pid 7513] <... exit_group resumed>) = ? [pid 7515] +++ exited with 0 +++ [pid 7514] +++ exited with 0 +++ [pid 7513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7513, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./835", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./835", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./835/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./835/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./835/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./835/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./835/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./835/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./835/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./835/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 165.318787][ T7514] loop0: detected capacity change from 0 to 1024 unlink("./835/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./835") = 0 mkdir("./836", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7516 ./strace-static-x86_64: Process 7516 attached [pid 7516] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7516] chdir("./836") = 0 [pid 7516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7516] setpgid(0, 0) = 0 [pid 7516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7516] write(3, "1000", 4) = 4 [pid 7516] close(3) = 0 [pid 7516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7516] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7516] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7516] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7517 attached , parent_tid=[7517], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7517 [pid 7516] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7517] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7517] memfd_create("syzkaller", 0) = 3 [pid 7517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7517] munmap(0x7f5464ee2000, 524288) = 0 [pid 7517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7517] close(3) = 0 [pid 7517] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7517] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7517] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7517] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7517] ioctl(4, LOOP_CLR_FD) = 0 [pid 7517] close(4) = 0 [pid 7517] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7516] <... futex resumed>) = 0 [pid 7516] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7516] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7516] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7518], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7518 [pid 7516] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7517] <... futex resumed>) = 1 [pid 7517] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7517] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7517] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7518 attached [pid 7518] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7518] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7518] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7518] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7518] chdir(".") = 0 [pid 7518] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7516] <... futex resumed>) = 0 [pid 7518] <... futex resumed>) = 1 [pid 7518] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7516] exit_group(0 [pid 7517] <... futex resumed>) = ? [pid 7516] <... exit_group resumed>) = ? [pid 7518] <... futex resumed>) = ? [pid 7517] +++ exited with 0 +++ [pid 7518] +++ exited with 0 +++ [pid 7516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7516, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./836", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./836", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 165.423424][ T7517] loop0: detected capacity change from 0 to 1024 umount2("./836/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./836/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./836/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./836/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./836/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./836/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./836/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./836/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./836/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./836") = 0 mkdir("./837", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7519 ./strace-static-x86_64: Process 7519 attached [pid 7519] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7519] chdir("./837") = 0 [pid 7519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7519] setpgid(0, 0) = 0 [pid 7519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7519] write(3, "1000", 4) = 4 [pid 7519] close(3) = 0 [pid 7519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7519] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7519] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7519] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7520 attached , parent_tid=[7520], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7520 [pid 7520] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7519] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7520] memfd_create("syzkaller", 0 [pid 7519] <... futex resumed>) = 0 [pid 7520] <... memfd_create resumed>) = 3 [pid 7519] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7520] munmap(0x7f5464ee2000, 524288) = 0 [pid 7520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7520] close(3) = 0 [pid 7520] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7520] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7520] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7520] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7520] ioctl(4, LOOP_CLR_FD) = 0 [pid 7520] close(4) = 0 [pid 7520] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7519] <... futex resumed>) = 0 [pid 7519] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7520] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7519] <... futex resumed>) = 0 [pid 7519] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7519] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7519] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7521], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7521 [pid 7519] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7521 attached ) = 0 [pid 7521] set_robust_list(0x7f5464f619e0, 24 [pid 7519] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7521] <... set_robust_list resumed>) = 0 [pid 7521] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7521] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7520] <... mknodat resumed>) = 0 [pid 7520] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7520] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7521] <... mount resumed>) = 0 [pid 7521] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7521] chdir(".") = 0 [pid 7521] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7519] <... futex resumed>) = 0 [pid 7521] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7519] exit_group(0 [pid 7520] <... futex resumed>) = ? [pid 7521] <... futex resumed>) = ? [pid 7519] <... exit_group resumed>) = ? [pid 7520] +++ exited with 0 +++ [pid 7521] +++ exited with 0 +++ [pid 7519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7519, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./837", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./837", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 165.539469][ T7520] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./837/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./837/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./837/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./837/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./837/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./837/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./837/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./837/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./837/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./837") = 0 mkdir("./838", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7522 ./strace-static-x86_64: Process 7522 attached [pid 7522] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7522] chdir("./838") = 0 [pid 7522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7522] setpgid(0, 0) = 0 [pid 7522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7522] write(3, "1000", 4) = 4 [pid 7522] close(3) = 0 [pid 7522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7522] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7522] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7522] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7523 attached , parent_tid=[7523], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7523 [pid 7523] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7523] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7522] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7522] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7523] memfd_create("syzkaller", 0) = 3 [pid 7523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7523] munmap(0x7f5464ee2000, 524288) = 0 [pid 7523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7523] close(3) = 0 [pid 7523] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7523] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7523] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7523] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7523] ioctl(4, LOOP_CLR_FD) = 0 [pid 7523] close(4) = 0 [pid 7523] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7522] <... futex resumed>) = 0 [pid 7523] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7522] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7522] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7522] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7522] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7524 attached [pid 7524] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7524] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] <... mknodat resumed>) = 0 [pid 7522] <... clone resumed>, parent_tid=[7524], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7524 [pid 7522] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7523] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7524] <... futex resumed>) = 0 [pid 7522] <... futex resumed>) = 1 [pid 7523] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7522] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7524] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7524] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7524] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7524] chdir(".") = 0 [pid 7524] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7522] <... futex resumed>) = 0 [pid 7524] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7522] exit_group(0 [pid 7524] <... futex resumed>) = ? [pid 7523] <... futex resumed>) = ? [pid 7522] <... exit_group resumed>) = ? [pid 7523] +++ exited with 0 +++ [pid 7524] +++ exited with 0 +++ [pid 7522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7522, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./838", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./838", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 165.665190][ T7523] loop0: detected capacity change from 0 to 1024 umount2("./838/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./838/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./838/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./838/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./838/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./838/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./838/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./838/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./838/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./838") = 0 mkdir("./839", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7525 ./strace-static-x86_64: Process 7525 attached [pid 7525] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7525] chdir("./839") = 0 [pid 7525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7525] setpgid(0, 0) = 0 [pid 7525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7525] write(3, "1000", 4) = 4 [pid 7525] close(3) = 0 [pid 7525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7525] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7525] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7525] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7526 attached , parent_tid=[7526], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7526 [pid 7525] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7526] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7525] <... futex resumed>) = 0 [pid 7525] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7526] memfd_create("syzkaller", 0) = 3 [pid 7526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7526] munmap(0x7f5464ee2000, 524288) = 0 [pid 7526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7526] close(3) = 0 [pid 7526] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7526] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7526] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7526] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7526] ioctl(4, LOOP_CLR_FD) = 0 [pid 7526] close(4) = 0 [pid 7526] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7525] <... futex resumed>) = 0 [pid 7525] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7525] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7525] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7525] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7527], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7527 ./strace-static-x86_64: Process 7527 attached [pid 7525] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7525] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7527] set_robust_list(0x7f5464f619e0, 24 [pid 7526] <... futex resumed>) = 1 [pid 7526] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7527] <... set_robust_list resumed>) = 0 [pid 7527] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7527] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7526] <... mknodat resumed>) = 0 [pid 7526] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 165.799554][ T7526] loop0: detected capacity change from 0 to 1024 [pid 7526] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7527] <... mount resumed>) = 0 [pid 7527] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7527] chdir(".") = 0 [pid 7527] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7525] <... futex resumed>) = 0 [pid 7527] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7525] exit_group(0 [pid 7526] <... futex resumed>) = ? [pid 7525] <... exit_group resumed>) = ? [pid 7527] <... futex resumed>) = ? [pid 7526] +++ exited with 0 +++ [pid 7527] +++ exited with 0 +++ [pid 7525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7525, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./839", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./839", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./839/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./839/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./839/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./839/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./839/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./839/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./839/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./839/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./839/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./839") = 0 mkdir("./840", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7528 ./strace-static-x86_64: Process 7528 attached [pid 7528] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7528] chdir("./840") = 0 [pid 7528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7528] setpgid(0, 0) = 0 [pid 7528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7528] write(3, "1000", 4) = 4 [pid 7528] close(3) = 0 [pid 7528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7528] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7528] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7528] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7529 attached , parent_tid=[7529], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7529 [pid 7529] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7529] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7528] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7528] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7529] memfd_create("syzkaller", 0) = 3 [pid 7529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7529] munmap(0x7f5464ee2000, 524288) = 0 [pid 7529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7529] close(3) = 0 [pid 7529] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7529] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7529] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7529] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7529] ioctl(4, LOOP_CLR_FD) = 0 [pid 7529] close(4) = 0 [pid 7529] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7528] <... futex resumed>) = 0 [pid 7529] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7528] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7528] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7528] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7529] <... mknodat resumed>) = 0 [pid 7528] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7529] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7528] <... clone resumed>, parent_tid=[7530], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7530 [pid 7529] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7528] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7528] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7530 attached [pid 7530] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7530] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7530] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7530] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7530] chdir(".") = 0 [pid 7530] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7528] <... futex resumed>) = 0 [pid 7530] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7528] exit_group(0 [pid 7530] <... futex resumed>) = ? [pid 7529] <... futex resumed>) = ? [pid 7528] <... exit_group resumed>) = ? [pid 7530] +++ exited with 0 +++ [pid 7529] +++ exited with 0 +++ [pid 7528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7528, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./840", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./840", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 165.928672][ T7529] loop0: detected capacity change from 0 to 1024 umount2("./840/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./840/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./840/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./840/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./840/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./840/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./840/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./840/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./840/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./840") = 0 mkdir("./841", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7531 ./strace-static-x86_64: Process 7531 attached [pid 7531] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7531] chdir("./841") = 0 [pid 7531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7531] setpgid(0, 0) = 0 [pid 7531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7531] write(3, "1000", 4) = 4 [pid 7531] close(3) = 0 [pid 7531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7531] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7531] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7531] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7532], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7532 [pid 7531] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7531] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7532 attached [pid 7532] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7532] memfd_create("syzkaller", 0) = 3 [pid 7532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7532] munmap(0x7f5464ee2000, 524288) = 0 [pid 7532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7532] close(3) = 0 [pid 7532] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7532] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7532] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7532] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7532] ioctl(4, LOOP_CLR_FD) = 0 [pid 7532] close(4) = 0 [pid 7532] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7531] <... futex resumed>) = 0 [pid 7531] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7531] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7531] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7531] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7533], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7533 [pid 7531] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7531] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7532] <... futex resumed>) = 1 [pid 7532] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7533 attached [pid 7533] set_robust_list(0x7f5464f619e0, 24 [pid 7532] <... mknodat resumed>) = 0 [pid 7532] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7532] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7533] <... set_robust_list resumed>) = 0 [pid 7533] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7533] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7533] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7533] chdir(".") = 0 [pid 7533] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7531] <... futex resumed>) = 0 [pid 7531] exit_group(0) = ? [pid 7532] <... futex resumed>) = ? [pid 7532] +++ exited with 0 +++ [pid 7533] <... futex resumed>) = ? [pid 7533] +++ exited with 0 +++ [pid 7531] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7531, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./841", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./841", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./841/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./841/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./841/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./841/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./841") = 0 mkdir("./842", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7534 ./strace-static-x86_64: Process 7534 attached [pid 7534] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7534] chdir("./842") = 0 [pid 7534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7534] setpgid(0, 0) = 0 [pid 7534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7534] write(3, "1000", 4) = 4 [pid 7534] close(3) = 0 [pid 7534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7534] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.025430][ T7532] loop0: detected capacity change from 0 to 1024 [pid 7534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7534] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7534] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7535], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7535 [pid 7534] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7534] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7535 attached [pid 7535] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7535] memfd_create("syzkaller", 0) = 3 [pid 7535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7535] munmap(0x7f5464ee2000, 524288) = 0 [pid 7535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7535] close(3) = 0 [pid 7535] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7535] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7535] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7535] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7535] ioctl(4, LOOP_CLR_FD) = 0 [pid 7535] close(4) = 0 [pid 7535] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7534] <... futex resumed>) = 0 [pid 7534] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7534] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7534] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7534] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7536], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7536 [pid 7534] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7534] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7535] <... futex resumed>) = 1 [pid 7535] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7535] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7535] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7536 attached [pid 7536] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7536] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7536] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7536] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7536] chdir(".") = 0 [pid 7536] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7534] <... futex resumed>) = 0 [pid 7534] exit_group(0) = ? [pid 7535] <... futex resumed>) = ? [pid 7535] +++ exited with 0 +++ [pid 7536] <... futex resumed>) = ? [pid 7536] +++ exited with 0 +++ [pid 7534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7534, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./842", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./842", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./842/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./842/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./842/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./842/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./842/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./842/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./842/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./842/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./842/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./842") = 0 [ 166.109360][ T7535] loop0: detected capacity change from 0 to 1024 mkdir("./843", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7537 ./strace-static-x86_64: Process 7537 attached [pid 7537] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7537] chdir("./843") = 0 [pid 7537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7537] setpgid(0, 0) = 0 [pid 7537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7537] write(3, "1000", 4) = 4 [pid 7537] close(3) = 0 [pid 7537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7537] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7537] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7537] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7538], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7538 ./strace-static-x86_64: Process 7538 attached [pid 7538] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7538] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7537] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7538] <... futex resumed>) = 0 [pid 7537] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7538] memfd_create("syzkaller", 0) = 3 [pid 7538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7538] munmap(0x7f5464ee2000, 524288) = 0 [pid 7538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7538] close(3) = 0 [pid 7538] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7538] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7538] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7538] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7538] ioctl(4, LOOP_CLR_FD) = 0 [pid 7538] close(4) = 0 [pid 7538] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7537] <... futex resumed>) = 0 [pid 7538] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7537] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7537] <... futex resumed>) = 0 [pid 7538] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7537] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7538] <... mknodat resumed>) = 0 [pid 7537] <... futex resumed>) = 0 [pid 7538] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7538] <... futex resumed>) = 0 [pid 7537] <... mmap resumed>) = 0x7f5464f41000 [pid 7538] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7537] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7537] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7539], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7539 [pid 7537] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7539 attached ) = 0 [pid 7539] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7539] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7539] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7537] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7539] <... mount resumed>) = 0 [pid 7539] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7539] chdir(".") = 0 [pid 7539] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7539] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7537] <... futex resumed>) = 0 [pid 7537] exit_group(0 [pid 7538] <... futex resumed>) = ? [pid 7537] <... exit_group resumed>) = ? [pid 7538] +++ exited with 0 +++ [pid 7539] <... futex resumed>) = ? [pid 7539] +++ exited with 0 +++ [pid 7537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7537, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./843", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./843", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 166.205851][ T7538] loop0: detected capacity change from 0 to 1024 umount2("./843/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./843/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./843/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./843/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./843/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./843/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./843/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./843/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./843/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./843") = 0 mkdir("./844", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7540 ./strace-static-x86_64: Process 7540 attached [pid 7540] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7540] chdir("./844") = 0 [pid 7540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7540] setpgid(0, 0) = 0 [pid 7540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7540] write(3, "1000", 4) = 4 [pid 7540] close(3) = 0 [pid 7540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7540] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7540] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7540] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7541 attached , parent_tid=[7541], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7541 [pid 7541] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7541] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7540] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7541] <... futex resumed>) = 0 [pid 7540] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7541] memfd_create("syzkaller", 0) = 3 [pid 7541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7541] munmap(0x7f5464ee2000, 524288) = 0 [pid 7541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7541] close(3) = 0 [pid 7541] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7541] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7541] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7541] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7541] ioctl(4, LOOP_CLR_FD) = 0 [pid 7541] close(4) = 0 [pid 7541] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7540] <... futex resumed>) = 0 [pid 7541] <... futex resumed>) = 1 [pid 7540] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7541] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7540] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7540] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7540] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7542], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7542 [pid 7540] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7540] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7542 attached [pid 7542] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7542] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7542] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7541] <... mknodat resumed>) = 0 [pid 7541] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... mount resumed>) = 0 [pid 7542] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7541] <... futex resumed>) = 0 [pid 7542] chdir(".") = 0 [ 166.311857][ T7541] loop0: detected capacity change from 0 to 1024 [pid 7541] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7542] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7540] <... futex resumed>) = 0 [pid 7542] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7540] exit_group(0 [pid 7542] <... futex resumed>) = ? [pid 7541] <... futex resumed>) = ? [pid 7540] <... exit_group resumed>) = ? [pid 7542] +++ exited with 0 +++ [pid 7541] +++ exited with 0 +++ [pid 7540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7540, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./844", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./844", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./844/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./844/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./844/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./844/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./844/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./844/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./844/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./844/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./844/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./844") = 0 mkdir("./845", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7543 ./strace-static-x86_64: Process 7543 attached [pid 7543] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7543] chdir("./845") = 0 [pid 7543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7543] setpgid(0, 0) = 0 [pid 7543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7543] write(3, "1000", 4) = 4 [pid 7543] close(3) = 0 [pid 7543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7543] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7543] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7543] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7544], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7544 [pid 7543] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7543] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7544 attached [pid 7544] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7544] memfd_create("syzkaller", 0) = 3 [pid 7544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7544] munmap(0x7f5464ee2000, 524288) = 0 [pid 7544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7544] close(3) = 0 [pid 7544] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7544] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7544] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7544] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7544] ioctl(4, LOOP_CLR_FD) = 0 [pid 7544] close(4) = 0 [pid 7544] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7543] <... futex resumed>) = 0 [pid 7543] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7543] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7544] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7543] <... mmap resumed>) = 0x7f5464f41000 [pid 7543] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7543] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7545], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7545 [pid 7543] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7543] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7545 attached [pid 7545] set_robust_list(0x7f5464f619e0, 24 [pid 7544] <... mknodat resumed>) = 0 [pid 7544] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7544] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7545] <... set_robust_list resumed>) = 0 [pid 7545] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7545] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7545] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7545] chdir(".") = 0 [pid 7545] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7543] <... futex resumed>) = 0 [pid 7543] exit_group(0 [pid 7544] <... futex resumed>) = ? [pid 7543] <... exit_group resumed>) = ? [pid 7544] +++ exited with 0 +++ [pid 7545] +++ exited with 0 +++ [pid 7543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7543, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./845", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.431205][ T7544] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./845", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./845/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./845/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./845/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./845/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./845/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./845/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./845/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./845/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./845/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./845") = 0 mkdir("./846", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7546 ./strace-static-x86_64: Process 7546 attached [pid 7546] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7546] chdir("./846") = 0 [pid 7546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7546] setpgid(0, 0) = 0 [pid 7546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7546] write(3, "1000", 4) = 4 [pid 7546] close(3) = 0 [pid 7546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7546] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7546] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7546] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7547 attached [pid 7547] set_robust_list(0x7f546d3029e0, 24 [pid 7546] <... clone resumed>, parent_tid=[7547], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7547 [pid 7547] <... set_robust_list resumed>) = 0 [pid 7546] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7546] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7547] memfd_create("syzkaller", 0) = 3 [pid 7547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7547] munmap(0x7f5464ee2000, 524288) = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7547] close(3) = 0 [pid 7547] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7547] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7547] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7547] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7547] ioctl(4, LOOP_CLR_FD) = 0 [pid 7547] close(4) = 0 [pid 7547] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7547] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] <... futex resumed>) = 0 [pid 7546] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7547] <... futex resumed>) = 0 [pid 7546] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7547] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7546] <... futex resumed>) = 0 [pid 7546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7546] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7546] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7548 attached , parent_tid=[7548], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7548 [pid 7546] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7546] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7547] <... mknodat resumed>) = 0 [pid 7547] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7547] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7548] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7548] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7548] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7548] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7548] chdir(".") = 0 [pid 7548] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7548] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] exit_group(0 [pid 7547] <... futex resumed>) = ? [pid 7546] <... exit_group resumed>) = ? [pid 7547] +++ exited with 0 +++ [pid 7548] <... futex resumed>) = ? [pid 7548] +++ exited with 0 +++ [pid 7546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7546, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./846", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./846", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 166.557787][ T7547] loop0: detected capacity change from 0 to 1024 umount2("./846/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./846/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./846/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./846/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./846/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./846/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./846/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./846/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./846/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./846") = 0 mkdir("./847", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7549 ./strace-static-x86_64: Process 7549 attached [pid 7549] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7549] chdir("./847") = 0 [pid 7549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7549] setpgid(0, 0) = 0 [pid 7549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7549] write(3, "1000", 4) = 4 [pid 7549] close(3) = 0 [pid 7549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7549] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7549] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7549] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7550], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7550 [pid 7549] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7550 attached [pid 7550] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7550] memfd_create("syzkaller", 0) = 3 [pid 7550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7550] munmap(0x7f5464ee2000, 524288) = 0 [pid 7550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7550] close(3) = 0 [pid 7550] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7550] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7550] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7550] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7550] ioctl(4, LOOP_CLR_FD) = 0 [pid 7550] close(4) = 0 [pid 7550] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] <... futex resumed>) = 0 [pid 7550] <... futex resumed>) = 1 [pid 7549] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7549] <... futex resumed>) = 0 [pid 7549] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7549] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7549] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7551], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7551 [pid 7549] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7550] <... mknodat resumed>) = 0 [pid 7550] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7550] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7551 attached [pid 7551] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7551] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7551] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7551] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7551] chdir(".") = 0 [pid 7551] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7549] <... futex resumed>) = 0 [pid 7551] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] exit_group(0 [pid 7551] <... futex resumed>) = ? [pid 7549] <... exit_group resumed>) = ? [pid 7550] <... futex resumed>) = ? [pid 7551] +++ exited with 0 +++ [pid 7550] +++ exited with 0 +++ [pid 7549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7549, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./847", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./847", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./847/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./847/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./847/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./847/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./847/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./847/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./847/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./847/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./847/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./847") = 0 mkdir("./848", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 166.672864][ T7550] loop0: detected capacity change from 0 to 1024 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7552 ./strace-static-x86_64: Process 7552 attached [pid 7552] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7552] chdir("./848") = 0 [pid 7552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7552] setpgid(0, 0) = 0 [pid 7552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7552] write(3, "1000", 4) = 4 [pid 7552] close(3) = 0 [pid 7552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7552] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7552] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7552] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7553], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7553 ./strace-static-x86_64: Process 7553 attached [pid 7552] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7553] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7553] memfd_create("syzkaller", 0) = 3 [pid 7553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7553] munmap(0x7f5464ee2000, 524288) = 0 [pid 7553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7553] close(3) = 0 [pid 7553] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7553] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7553] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7553] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7553] ioctl(4, LOOP_CLR_FD) = 0 [pid 7553] close(4) = 0 [pid 7553] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7552] <... futex resumed>) = 0 [pid 7552] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7552] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7552] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7554], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7554 [pid 7552] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7553] <... futex resumed>) = 1 [pid 7553] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7553] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7553] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7554 attached [pid 7554] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7554] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7554] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7554] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7554] chdir(".") = 0 [pid 7554] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7552] <... futex resumed>) = 0 [pid 7552] exit_group(0 [pid 7554] ???( [pid 7552] <... exit_group resumed>) = ? [pid 7553] <... futex resumed>) = ? [pid 7553] +++ exited with 0 +++ [pid 7554] <... ??? resumed>) = ? [pid 7554] +++ exited with 0 +++ [pid 7552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7552, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./848", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./848", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./848/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./848/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./848/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./848/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./848/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 166.766454][ T7553] loop0: detected capacity change from 0 to 1024 rmdir("./848/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./848/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./848/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./848/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./848") = 0 mkdir("./849", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7555 attached , child_tidptr=0x5555561b25d0) = 7555 [pid 7555] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7555] chdir("./849") = 0 [pid 7555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7555] setpgid(0, 0) = 0 [pid 7555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7555] write(3, "1000", 4) = 4 [pid 7555] close(3) = 0 [pid 7555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7555] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7555] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7555] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7556], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7556 [pid 7555] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7555] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7556 attached [pid 7556] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7556] memfd_create("syzkaller", 0) = 3 [pid 7556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7556] munmap(0x7f5464ee2000, 524288) = 0 [pid 7556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7556] close(3) = 0 [pid 7556] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7556] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7556] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7556] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7556] ioctl(4, LOOP_CLR_FD) = 0 [pid 7556] close(4) = 0 [pid 7556] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7555] <... futex resumed>) = 0 [pid 7555] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7555] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7555] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7555] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7557], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7557 [pid 7555] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7555] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7556] <... futex resumed>) = 1 [pid 7556] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7557 attached [pid 7557] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7557] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7557] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7556] <... mknodat resumed>) = 0 [pid 7556] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7556] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7557] <... mount resumed>) = 0 [pid 7557] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7557] chdir(".") = 0 [pid 7557] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7557] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7555] <... futex resumed>) = 0 [pid 7555] exit_group(0 [pid 7556] <... futex resumed>) = ? [pid 7555] <... exit_group resumed>) = ? [pid 7557] <... futex resumed>) = ? [pid 7556] +++ exited with 0 +++ [pid 7557] +++ exited with 0 +++ [pid 7555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7555, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./849", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./849", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 166.860624][ T7556] loop0: detected capacity change from 0 to 1024 umount2("./849/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./849/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./849/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./849/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./849/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./849/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./849/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./849/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./849/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./849") = 0 mkdir("./850", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7558 ./strace-static-x86_64: Process 7558 attached [pid 7558] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7558] chdir("./850") = 0 [pid 7558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7558] setpgid(0, 0) = 0 [pid 7558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7558] write(3, "1000", 4) = 4 [pid 7558] close(3) = 0 [pid 7558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7558] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7558] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7558] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7559 attached [pid 7559] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7559] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7558] <... clone resumed>, parent_tid=[7559], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7559 [pid 7558] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7559] <... futex resumed>) = 0 [pid 7558] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7559] memfd_create("syzkaller", 0) = 3 [pid 7559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7559] munmap(0x7f5464ee2000, 524288) = 0 [pid 7559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7559] close(3) = 0 [pid 7559] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7559] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7559] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7559] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7559] ioctl(4, LOOP_CLR_FD) = 0 [pid 7559] close(4) = 0 [pid 7559] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7559] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7558] <... futex resumed>) = 0 [pid 7558] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7559] <... futex resumed>) = 0 [pid 7558] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7559] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7558] <... futex resumed>) = 0 [pid 7558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7558] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7558] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7560], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7560 [pid 7558] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7558] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7559] <... mknodat resumed>) = 0 [pid 7559] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7559] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7560 attached [pid 7560] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7560] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7560] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7560] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7560] chdir(".") = 0 [pid 7560] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7558] <... futex resumed>) = 0 [pid 7558] exit_group(0 [pid 7559] <... futex resumed>) = ? [pid 7558] <... exit_group resumed>) = ? [pid 7559] +++ exited with 0 +++ [pid 7560] <... futex resumed>) = ? [pid 7560] +++ exited with 0 +++ [pid 7558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7558, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./850", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./850", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./850/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./850/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./850/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./850/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./850/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 166.970074][ T7559] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./850/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./850/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./850/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./850/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./850") = 0 mkdir("./851", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7561 ./strace-static-x86_64: Process 7561 attached [pid 7561] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7561] chdir("./851") = 0 [pid 7561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7561] setpgid(0, 0) = 0 [pid 7561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7561] write(3, "1000", 4) = 4 [pid 7561] close(3) = 0 [pid 7561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7561] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7561] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7561] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7562], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7562 [pid 7561] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7561] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7562 attached [pid 7562] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7562] memfd_create("syzkaller", 0) = 3 [pid 7562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7562] munmap(0x7f5464ee2000, 524288) = 0 [pid 7562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7562] close(3) = 0 [pid 7562] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7562] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7562] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7562] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7562] ioctl(4, LOOP_CLR_FD) = 0 [pid 7562] close(4) = 0 [pid 7562] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7561] <... futex resumed>) = 0 [pid 7561] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7561] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7561] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7561] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7563], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7563 [pid 7561] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7561] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7562] <... futex resumed>) = 1 [pid 7562] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7563 attached [pid 7563] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7563] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7562] <... mknodat resumed>) = 0 [pid 7562] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7562] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7563] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7563] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7563] chdir(".") = 0 [pid 7563] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7561] <... futex resumed>) = 0 [pid 7563] <... futex resumed>) = 1 [pid 7561] exit_group(0) = ? [pid 7562] <... futex resumed>) = ? [pid 7562] +++ exited with 0 +++ [pid 7563] +++ exited with 0 +++ [pid 7561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7561, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./851", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./851", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 167.066340][ T7562] loop0: detected capacity change from 0 to 1024 umount2("./851/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./851/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./851/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./851/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./851/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./851/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./851/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./851/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./851/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./851") = 0 mkdir("./852", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7564 ./strace-static-x86_64: Process 7564 attached [pid 7564] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7564] chdir("./852") = 0 [pid 7564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7564] setpgid(0, 0) = 0 [pid 7564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7564] write(3, "1000", 4) = 4 [pid 7564] close(3) = 0 [pid 7564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7564] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7564] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7564] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7565], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7565 [pid 7564] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7564] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7565 attached [pid 7565] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7565] memfd_create("syzkaller", 0) = 3 [pid 7565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7565] munmap(0x7f5464ee2000, 524288) = 0 [pid 7565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7565] close(3) = 0 [pid 7565] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7565] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7565] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7565] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7565] ioctl(4, LOOP_CLR_FD) = 0 [pid 7565] close(4) = 0 [pid 7565] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7564] <... futex resumed>) = 0 [pid 7564] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7564] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7564] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7564] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7566], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7566 [pid 7564] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7564] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7565] <... futex resumed>) = 1 [pid 7565] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7565] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7565] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7566 attached [pid 7566] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7566] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7566] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7566] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7566] chdir(".") = 0 [pid 7566] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7564] <... futex resumed>) = 0 [pid 7564] exit_group(0 [pid 7565] <... futex resumed>) = ? [pid 7564] <... exit_group resumed>) = ? [pid 7565] +++ exited with 0 +++ [pid 7566] +++ exited with 0 +++ [pid 7564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7564, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./852", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./852", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 167.174528][ T7565] loop0: detected capacity change from 0 to 1024 umount2("./852/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./852/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./852/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./852/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./852/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./852/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./852/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./852/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./852/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./852") = 0 mkdir("./853", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7567 ./strace-static-x86_64: Process 7567 attached [pid 7567] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7567] chdir("./853") = 0 [pid 7567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7567] setpgid(0, 0) = 0 [pid 7567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7567] write(3, "1000", 4) = 4 [pid 7567] close(3) = 0 [pid 7567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7567] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7567] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7567] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7568 attached , parent_tid=[7568], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7568 [pid 7568] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7568] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7567] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7567] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7568] memfd_create("syzkaller", 0) = 3 [pid 7568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7568] munmap(0x7f5464ee2000, 524288) = 0 [pid 7568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7568] close(3) = 0 [pid 7568] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7568] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7568] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7568] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7568] ioctl(4, LOOP_CLR_FD) = 0 [pid 7568] close(4) = 0 [pid 7568] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7567] <... futex resumed>) = 0 [pid 7567] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7567] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7568] <... futex resumed>) = 1 [pid 7567] <... futex resumed>) = 0 [pid 7568] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7567] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7567] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7569], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7569 [pid 7567] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7567] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7568] <... mknodat resumed>) = 0 [pid 7568] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7568] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7569 attached [pid 7569] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7569] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7569] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7569] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7569] chdir(".") = 0 [pid 7569] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7567] <... futex resumed>) = 0 [pid 7567] exit_group(0 [pid 7568] <... futex resumed>) = ? [pid 7567] <... exit_group resumed>) = ? [pid 7568] +++ exited with 0 +++ [pid 7569] <... futex resumed>) = ? [pid 7569] +++ exited with 0 +++ [pid 7567] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7567, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./853", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./853", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./853/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./853/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./853/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./853/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./853/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./853/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./853/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 167.306559][ T7568] loop0: detected capacity change from 0 to 1024 lstat("./853/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./853/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./853") = 0 mkdir("./854", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7570 ./strace-static-x86_64: Process 7570 attached [pid 7570] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7570] chdir("./854") = 0 [pid 7570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7570] setpgid(0, 0) = 0 [pid 7570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7570] write(3, "1000", 4) = 4 [pid 7570] close(3) = 0 [pid 7570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7570] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7570] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7570] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7571 attached , parent_tid=[7571], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7571 [pid 7570] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7571] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7571] memfd_create("syzkaller", 0) = 3 [pid 7571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7571] munmap(0x7f5464ee2000, 524288) = 0 [pid 7571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7571] close(3) = 0 [pid 7571] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7571] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7571] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7571] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7571] ioctl(4, LOOP_CLR_FD) = 0 [pid 7571] close(4) = 0 [pid 7571] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7570] <... futex resumed>) = 0 [pid 7570] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7570] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7570] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7572], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7572 [pid 7570] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7571] <... futex resumed>) = 1 [pid 7571] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7572 attached [pid 7572] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7571] <... mknodat resumed>) = 0 [pid 7571] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7571] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7572] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7572] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7572] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7572] chdir(".") = 0 [pid 7572] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7570] <... futex resumed>) = 0 [pid 7570] exit_group(0) = ? [pid 7571] <... futex resumed>) = ? [pid 7571] +++ exited with 0 +++ [pid 7572] +++ exited with 0 +++ [pid 7570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7570, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./854", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./854", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 167.406404][ T7571] loop0: detected capacity change from 0 to 1024 umount2("./854/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./854/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./854/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./854/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./854/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./854/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./854/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./854/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./854/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./854") = 0 mkdir("./855", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7573 ./strace-static-x86_64: Process 7573 attached [pid 7573] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7573] chdir("./855") = 0 [pid 7573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7573] setpgid(0, 0) = 0 [pid 7573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7573] write(3, "1000", 4) = 4 [pid 7573] close(3) = 0 [pid 7573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7573] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7573] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7573] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7574], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7574 [pid 7573] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7573] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7574 attached [pid 7574] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7574] memfd_create("syzkaller", 0) = 3 [pid 7574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7574] munmap(0x7f5464ee2000, 524288) = 0 [pid 7574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7574] close(3) = 0 [pid 7574] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7574] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7574] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7574] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7574] ioctl(4, LOOP_CLR_FD) = 0 [pid 7574] close(4) = 0 [pid 7574] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7573] <... futex resumed>) = 0 [pid 7574] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7573] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7573] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7573] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7573] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7575], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7575 [pid 7573] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7574] <... mknodat resumed>) = 0 [pid 7573] <... futex resumed>) = 0 [pid 7573] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7574] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7574] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7575 attached [pid 7575] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7575] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7575] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7575] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7575] chdir(".") = 0 [pid 7575] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7573] <... futex resumed>) = 0 [pid 7573] exit_group(0 [pid 7574] <... futex resumed>) = ? [pid 7573] <... exit_group resumed>) = ? [pid 7574] +++ exited with 0 +++ [pid 7575] <... futex resumed>) = ? [ 167.511515][ T7574] loop0: detected capacity change from 0 to 1024 [pid 7575] +++ exited with 0 +++ [pid 7573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7573, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./855", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./855", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./855/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./855/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./855/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./855/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./855/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./855/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./855/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./855/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./855/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./855") = 0 mkdir("./856", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7576 ./strace-static-x86_64: Process 7576 attached [pid 7576] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7576] chdir("./856") = 0 [pid 7576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7576] setpgid(0, 0) = 0 [pid 7576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7576] write(3, "1000", 4) = 4 [pid 7576] close(3) = 0 [pid 7576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7576] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7576] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7576] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7577], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7577 [pid 7576] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7577 attached [pid 7577] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7577] memfd_create("syzkaller", 0) = 3 [pid 7577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7577] munmap(0x7f5464ee2000, 524288) = 0 [pid 7577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7577] close(3) = 0 [pid 7577] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7577] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7577] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7577] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7577] ioctl(4, LOOP_CLR_FD) = 0 [pid 7577] close(4) = 0 [pid 7577] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7576] <... futex resumed>) = 0 [pid 7576] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7576] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7576] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7578], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7578 [pid 7576] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7577] <... futex resumed>) = 1 [pid 7577] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7577] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7577] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7578 attached [pid 7578] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7578] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7578] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7578] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7578] chdir(".") = 0 [pid 7578] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7576] exit_group(0) = ? [pid 7578] +++ exited with 0 +++ [pid 7577] <... futex resumed>) = ? [pid 7577] +++ exited with 0 +++ [pid 7576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7576, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./856", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./856", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./856/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./856/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./856/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 167.632021][ T7577] loop0: detected capacity change from 0 to 1024 umount2("./856/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./856/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./856/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./856/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./856/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./856/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./856") = 0 mkdir("./857", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7579 ./strace-static-x86_64: Process 7579 attached [pid 7579] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7579] chdir("./857") = 0 [pid 7579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7579] setpgid(0, 0) = 0 [pid 7579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7579] write(3, "1000", 4) = 4 [pid 7579] close(3) = 0 [pid 7579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7579] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7579] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7579] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7580], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7580 [pid 7579] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7579] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7580 attached [pid 7580] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7580] memfd_create("syzkaller", 0) = 3 [pid 7580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7580] munmap(0x7f5464ee2000, 524288) = 0 [pid 7580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7580] close(3) = 0 [pid 7580] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7580] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7580] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7580] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7580] ioctl(4, LOOP_CLR_FD) = 0 [pid 7580] close(4) = 0 [pid 7580] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7580] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7579] <... futex resumed>) = 0 [pid 7579] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7579] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7579] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7579] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7581], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7581 [pid 7579] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7579] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7580] <... futex resumed>) = 0 [pid 7580] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7581 attached ) = 0 [pid 7581] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7581] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7581] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7580] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7580] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7581] <... mount resumed>) = 0 [pid 7581] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7581] chdir(".") = 0 [pid 7581] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7579] <... futex resumed>) = 0 [pid 7579] exit_group(0) = ? [pid 7580] <... futex resumed>) = ? [pid 7581] +++ exited with 0 +++ [pid 7580] +++ exited with 0 +++ [pid 7579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7579, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./857", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./857", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 167.737714][ T7580] loop0: detected capacity change from 0 to 1024 umount2("./857/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./857/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./857/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./857/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./857/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./857/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./857/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./857/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./857/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./857") = 0 mkdir("./858", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7582 ./strace-static-x86_64: Process 7582 attached [pid 7582] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7582] chdir("./858") = 0 [pid 7582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7582] setpgid(0, 0) = 0 [pid 7582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7582] write(3, "1000", 4) = 4 [pid 7582] close(3) = 0 [pid 7582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7582] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7582] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7582] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7583 attached , parent_tid=[7583], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7583 [pid 7583] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7583] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7582] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7583] <... futex resumed>) = 0 [pid 7582] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7583] memfd_create("syzkaller", 0) = 3 [pid 7583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7583] munmap(0x7f5464ee2000, 524288) = 0 [pid 7583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7583] close(3) = 0 [pid 7583] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7583] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7583] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7583] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7583] ioctl(4, LOOP_CLR_FD) = 0 [pid 7583] close(4) = 0 [pid 7583] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7583] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7582] <... futex resumed>) = 0 [pid 7582] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7583] <... futex resumed>) = 0 [pid 7582] <... futex resumed>) = 1 [pid 7583] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7582] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7582] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7583] <... mknodat resumed>) = 0 [pid 7583] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7582] <... mprotect resumed>) = 0 [pid 7582] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7583] <... futex resumed>) = 0 [pid 7583] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7584 attached [pid 7582] <... clone resumed>, parent_tid=[7584], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7584 [pid 7582] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7584] set_robust_list(0x7f5464f619e0, 24 [pid 7582] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7584] <... set_robust_list resumed>) = 0 [pid 7584] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7584] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7584] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7584] chdir(".") = 0 [pid 7584] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7582] <... futex resumed>) = 0 [pid 7584] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7582] exit_group(0 [pid 7583] <... futex resumed>) = ? [pid 7582] <... exit_group resumed>) = ? [pid 7584] <... futex resumed>) = ? [pid 7583] +++ exited with 0 +++ [pid 7584] +++ exited with 0 +++ [pid 7582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7582, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./858", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./858", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./858/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./858/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./858/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./858/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./858/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./858/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./858/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./858/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 167.860775][ T7583] loop0: detected capacity change from 0 to 1024 unlink("./858/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./858") = 0 mkdir("./859", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7585 ./strace-static-x86_64: Process 7585 attached [pid 7585] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7585] chdir("./859") = 0 [pid 7585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7585] setpgid(0, 0) = 0 [pid 7585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7585] write(3, "1000", 4) = 4 [pid 7585] close(3) = 0 [pid 7585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7585] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7585] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7585] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7586 attached , parent_tid=[7586], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7586 [pid 7585] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7585] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7586] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7586] memfd_create("syzkaller", 0) = 3 [pid 7586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7586] munmap(0x7f5464ee2000, 524288) = 0 [pid 7586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7586] close(3) = 0 [pid 7586] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7586] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7586] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7586] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7586] ioctl(4, LOOP_CLR_FD) = 0 [pid 7586] close(4) = 0 [pid 7586] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7586] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7585] <... futex resumed>) = 0 [pid 7585] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7585] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7585] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7585] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7587 attached , parent_tid=[7587], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7587 [pid 7587] set_robust_list(0x7f5464f619e0, 24 [pid 7585] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7587] <... set_robust_list resumed>) = 0 [pid 7585] <... futex resumed>) = 0 [pid 7585] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7587] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7587] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7586] <... futex resumed>) = 0 [pid 7587] <... mount resumed>) = 0 [pid 7587] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7587] chdir(".") = 0 [pid 7586] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7587] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7585] <... futex resumed>) = 0 [pid 7587] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7586] <... mknodat resumed>) = 0 [pid 7586] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7586] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7585] exit_group(0 [pid 7587] <... futex resumed>) = ? [pid 7585] <... exit_group resumed>) = ? [pid 7587] +++ exited with 0 +++ [pid 7586] <... futex resumed>) = ? [pid 7586] +++ exited with 0 +++ [pid 7585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7585, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./859", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./859", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./859/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./859/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./859/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./859/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./859/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./859/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 167.965123][ T7586] loop0: detected capacity change from 0 to 1024 umount2("./859/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./859/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./859/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./859") = 0 mkdir("./860", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7588 attached [pid 7588] set_robust_list(0x5555561b25e0, 24 [pid 4999] <... clone resumed>, child_tidptr=0x5555561b25d0) = 7588 [pid 7588] <... set_robust_list resumed>) = 0 [pid 7588] chdir("./860") = 0 [pid 7588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7588] setpgid(0, 0) = 0 [pid 7588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7588] write(3, "1000", 4) = 4 [pid 7588] close(3) = 0 [pid 7588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7588] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7588] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7588] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7589], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7589 [pid 7588] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7588] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7589 attached [pid 7589] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7589] memfd_create("syzkaller", 0) = 3 [pid 7589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7589] munmap(0x7f5464ee2000, 524288) = 0 [pid 7589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7589] close(3) = 0 [pid 7589] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7589] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7589] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7589] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7589] ioctl(4, LOOP_CLR_FD) = 0 [pid 7589] close(4) = 0 [pid 7589] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7588] <... futex resumed>) = 0 [pid 7588] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7588] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7588] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7589] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7588] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7590 attached , parent_tid=[7590], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7590 [pid 7590] set_robust_list(0x7f5464f619e0, 24 [pid 7588] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7590] <... set_robust_list resumed>) = 0 [pid 7590] mkdir(".", 0777 [pid 7588] <... futex resumed>) = 0 [pid 7588] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7590] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7590] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7589] <... mknodat resumed>) = 0 [pid 7589] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7589] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7590] <... mount resumed>) = 0 [pid 7590] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7590] chdir(".") = 0 [pid 7590] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7588] <... futex resumed>) = 0 [pid 7588] exit_group(0 [pid 7589] <... futex resumed>) = ? [pid 7588] <... exit_group resumed>) = ? [pid 7589] +++ exited with 0 +++ [pid 7590] <... futex resumed>) = ? [pid 7590] +++ exited with 0 +++ [pid 7588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7588, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./860", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./860", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 168.062749][ T7589] loop0: detected capacity change from 0 to 1024 umount2("./860/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./860/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./860/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./860/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./860/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./860/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./860/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./860/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./860/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./860") = 0 mkdir("./861", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7591 ./strace-static-x86_64: Process 7591 attached [pid 7591] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7591] chdir("./861") = 0 [pid 7591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7591] setpgid(0, 0) = 0 [pid 7591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7591] write(3, "1000", 4) = 4 [pid 7591] close(3) = 0 [pid 7591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7591] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7591] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7591] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7592], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7592 ./strace-static-x86_64: Process 7592 attached [pid 7592] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7592] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7591] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7592] <... futex resumed>) = 0 [pid 7592] memfd_create("syzkaller", 0 [pid 7591] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7592] <... memfd_create resumed>) = 3 [pid 7592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7592] munmap(0x7f5464ee2000, 524288) = 0 [pid 7592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7592] close(3) = 0 [pid 7592] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7592] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7592] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7592] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7592] ioctl(4, LOOP_CLR_FD) = 0 [pid 7592] close(4) = 0 [pid 7592] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7591] <... futex resumed>) = 0 [pid 7592] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7591] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7591] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7591] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7591] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7593], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7593 [pid 7591] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7591] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7593 attached [pid 7593] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7593] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7593] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7592] <... mknodat resumed>) = 0 [pid 7592] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7592] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7593] <... mount resumed>) = 0 [pid 7593] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7593] chdir(".") = 0 [pid 7593] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7591] <... futex resumed>) = 0 [pid 7591] exit_group(0) = ? [pid 7592] <... futex resumed>) = ? [pid 7593] <... futex resumed>) = ? [pid 7592] +++ exited with 0 +++ [pid 7593] +++ exited with 0 +++ [pid 7591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7591, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./861", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./861", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./861/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 168.182522][ T7592] loop0: detected capacity change from 0 to 1024 umount2("./861/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./861/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./861/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./861/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./861/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./861/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./861/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./861/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./861") = 0 mkdir("./862", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7594 ./strace-static-x86_64: Process 7594 attached [pid 7594] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7594] chdir("./862") = 0 [pid 7594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7594] setpgid(0, 0) = 0 [pid 7594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7594] write(3, "1000", 4) = 4 [pid 7594] close(3) = 0 [pid 7594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7594] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7594] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7594] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7595 attached , parent_tid=[7595], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7595 [pid 7594] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7595] set_robust_list(0x7f546d3029e0, 24 [pid 7594] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7595] <... set_robust_list resumed>) = 0 [pid 7595] memfd_create("syzkaller", 0) = 3 [pid 7595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7595] munmap(0x7f5464ee2000, 524288) = 0 [pid 7595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7595] close(3) = 0 [pid 7595] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7595] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7595] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7595] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7595] ioctl(4, LOOP_CLR_FD) = 0 [pid 7595] close(4) = 0 [pid 7595] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7594] <... futex resumed>) = 0 [pid 7594] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7594] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7595] <... futex resumed>) = 1 [pid 7594] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7595] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7594] <... mprotect resumed>) = 0 [pid 7594] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7596], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7596 [pid 7594] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7594] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7596 attached [pid 7596] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7596] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7596] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7595] <... mknodat resumed>) = 0 [pid 7595] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7596] <... mount resumed>) = 0 [pid 7596] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7595] <... futex resumed>) = 0 [pid 7596] chdir(".") = 0 [pid 7596] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7594] <... futex resumed>) = 0 [pid 7596] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7594] exit_group(0 [pid 7595] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 7594] <... exit_group resumed>) = ? [pid 7596] <... futex resumed>) = ? [pid 7596] +++ exited with 0 +++ [pid 7595] +++ exited with 0 +++ [pid 7594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7594, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./862", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./862", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 168.300453][ T7595] loop0: detected capacity change from 0 to 1024 umount2("./862/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./862/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./862/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./862/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./862/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./862/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./862/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./862/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./862/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./862") = 0 mkdir("./863", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7597 ./strace-static-x86_64: Process 7597 attached [pid 7597] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7597] chdir("./863") = 0 [pid 7597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7597] setpgid(0, 0) = 0 [pid 7597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7597] write(3, "1000", 4) = 4 [pid 7597] close(3) = 0 [pid 7597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7597] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7597] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7597] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7598], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7598 [pid 7597] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7597] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7598 attached [pid 7598] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7598] memfd_create("syzkaller", 0) = 3 [pid 7598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7598] munmap(0x7f5464ee2000, 524288) = 0 [pid 7598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7598] close(3) = 0 [pid 7598] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7598] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7598] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7598] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7598] ioctl(4, LOOP_CLR_FD) = 0 [pid 7598] close(4) = 0 [pid 7598] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7597] <... futex resumed>) = 0 [pid 7597] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7597] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7597] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7597] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7599], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7599 [pid 7597] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7597] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7598] <... futex resumed>) = 1 [pid 7598] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7598] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7598] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7599 attached [pid 7599] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7599] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7599] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7599] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7599] chdir(".") = 0 [pid 7599] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7597] <... futex resumed>) = 0 [pid 7597] exit_group(0) = ? [pid 7598] <... futex resumed>) = ? [pid 7598] +++ exited with 0 +++ [pid 7599] <... futex resumed>) = ? [pid 7599] +++ exited with 0 +++ [pid 7597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7597, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./863", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./863", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./863/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./863/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 168.408661][ T7598] loop0: detected capacity change from 0 to 1024 lstat("./863/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./863/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./863/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./863/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./863/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./863/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./863/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./863") = 0 mkdir("./864", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7600 ./strace-static-x86_64: Process 7600 attached [pid 7600] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7600] chdir("./864") = 0 [pid 7600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7600] setpgid(0, 0) = 0 [pid 7600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7600] write(3, "1000", 4) = 4 [pid 7600] close(3) = 0 [pid 7600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7600] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7600] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7600] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7601], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7601 [pid 7600] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7601 attached [pid 7601] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7601] memfd_create("syzkaller", 0) = 3 [pid 7601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7601] munmap(0x7f5464ee2000, 524288) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7601] close(3) = 0 [pid 7601] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7601] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7601] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7601] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7601] ioctl(4, LOOP_CLR_FD) = 0 [pid 7601] close(4) = 0 [pid 7601] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7600] <... futex resumed>) = 0 [pid 7600] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7600] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7600] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7602], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7602 [pid 7600] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7601] <... futex resumed>) = 1 [pid 7601] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7601] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7601] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7602 attached [pid 7602] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7602] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7602] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7602] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7602] chdir(".") = 0 [pid 7602] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7600] <... futex resumed>) = 0 [pid 7600] exit_group(0) = ? [pid 7601] <... futex resumed>) = ? [pid 7602] +++ exited with 0 +++ [pid 7601] +++ exited with 0 +++ [pid 7600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7600, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./864", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./864", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./864/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./864/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./864/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./864/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./864/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./864/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./864/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./864/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./864/binderfs") = 0 [ 168.512235][ T7601] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./864") = 0 mkdir("./865", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7603 attached , child_tidptr=0x5555561b25d0) = 7603 [pid 7603] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7603] chdir("./865") = 0 [pid 7603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7603] setpgid(0, 0) = 0 [pid 7603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7603] write(3, "1000", 4) = 4 [pid 7603] close(3) = 0 [pid 7603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7603] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7603] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7603] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7604], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7604 [pid 7603] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7603] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7604 attached [pid 7604] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7604] memfd_create("syzkaller", 0) = 3 [pid 7604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7604] munmap(0x7f5464ee2000, 524288) = 0 [pid 7604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7604] close(3) = 0 [pid 7604] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7604] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7604] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7604] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7604] ioctl(4, LOOP_CLR_FD) = 0 [pid 7604] close(4) = 0 [pid 7604] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7604] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7603] <... futex resumed>) = 0 [pid 7603] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7604] <... futex resumed>) = 0 [pid 7603] <... futex resumed>) = 1 [pid 7604] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7603] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7603] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7603] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7605], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7605 [pid 7603] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7603] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7604] <... mknodat resumed>) = 0 ./strace-static-x86_64: Process 7605 attached [pid 7605] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7605] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7605] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7604] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7605] <... mount resumed>) = 0 [pid 7604] <... futex resumed>) = 0 [pid 7605] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7604] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7605] <... openat resumed>) = 4 [pid 7605] chdir(".") = 0 [pid 7605] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7603] <... futex resumed>) = 0 [pid 7605] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7603] exit_group(0 [pid 7605] <... futex resumed>) = ? [pid 7604] <... futex resumed>) = ? [pid 7603] <... exit_group resumed>) = ? [pid 7605] +++ exited with 0 +++ [pid 7604] +++ exited with 0 +++ [pid 7603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7603, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./865", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./865", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./865/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./865/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./865/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./865/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./865/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 168.605583][ T7604] loop0: detected capacity change from 0 to 1024 rmdir("./865/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./865/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./865/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./865/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./865") = 0 mkdir("./866", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7606 ./strace-static-x86_64: Process 7606 attached [pid 7606] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7606] chdir("./866") = 0 [pid 7606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7606] setpgid(0, 0) = 0 [pid 7606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7606] write(3, "1000", 4) = 4 [pid 7606] close(3) = 0 [pid 7606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7606] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7606] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7606] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7607 attached , parent_tid=[7607], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7607 [pid 7606] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7607] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7607] memfd_create("syzkaller", 0) = 3 [pid 7607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7607] munmap(0x7f5464ee2000, 524288) = 0 [pid 7607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7607] close(3) = 0 [pid 7607] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7607] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7607] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7607] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7607] ioctl(4, LOOP_CLR_FD) = 0 [pid 7607] close(4) = 0 [pid 7607] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7607] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7606] <... futex resumed>) = 0 [pid 7606] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7606] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7606] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7606] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7608], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7608 [pid 7606] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7607] <... futex resumed>) = 0 [pid 7607] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7608 attached [pid 7608] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7607] <... mknodat resumed>) = 0 [pid 7608] mkdir(".", 0777 [pid 7607] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7607] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7608] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7608] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7608] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7608] chdir(".") = 0 [pid 7608] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7606] <... futex resumed>) = 0 [pid 7606] exit_group(0 [pid 7607] <... futex resumed>) = ? [pid 7606] <... exit_group resumed>) = ? [pid 7607] +++ exited with 0 +++ [pid 7608] +++ exited with 0 +++ [pid 7606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7606, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 168.709462][ T7607] loop0: detected capacity change from 0 to 1024 umount2("./866", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./866", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./866/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./866/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./866/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./866/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./866/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./866/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./866/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./866/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./866/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./866") = 0 mkdir("./867", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7609 ./strace-static-x86_64: Process 7609 attached [pid 7609] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7609] chdir("./867") = 0 [pid 7609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7609] setpgid(0, 0) = 0 [pid 7609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7609] write(3, "1000", 4) = 4 [pid 7609] close(3) = 0 [pid 7609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7609] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7609] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7609] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7610 attached , parent_tid=[7610], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7610 [pid 7609] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7610] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7610] memfd_create("syzkaller", 0) = 3 [pid 7610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7610] munmap(0x7f5464ee2000, 524288) = 0 [pid 7610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7610] close(3) = 0 [pid 7610] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7610] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7610] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7610] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7610] ioctl(4, LOOP_CLR_FD) = 0 [pid 7610] close(4) = 0 [pid 7610] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7609] <... futex resumed>) = 0 [pid 7609] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7610] <... futex resumed>) = 1 [pid 7609] <... mmap resumed>) = 0x7f5464f41000 [pid 7610] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7609] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7609] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7611], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7611 [pid 7609] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7611 attached [pid 7610] <... mknodat resumed>) = 0 [pid 7610] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7610] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7611] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7611] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7611] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7611] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7611] chdir(".") = 0 [pid 7611] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7609] <... futex resumed>) = 0 [pid 7611] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7609] exit_group(0 [pid 7611] <... futex resumed>) = ? [pid 7610] <... futex resumed>) = ? [pid 7609] <... exit_group resumed>) = ? [pid 7610] +++ exited with 0 +++ [pid 7611] +++ exited with 0 +++ [pid 7609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7609, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./867", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./867", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./867/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 168.819529][ T7610] loop0: detected capacity change from 0 to 1024 umount2("./867/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./867/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./867/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./867/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./867/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./867/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./867/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./867/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./867") = 0 mkdir("./868", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7612 ./strace-static-x86_64: Process 7612 attached [pid 7612] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7612] chdir("./868") = 0 [pid 7612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7612] setpgid(0, 0) = 0 [pid 7612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7612] write(3, "1000", 4) = 4 [pid 7612] close(3) = 0 [pid 7612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7612] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7612] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7612] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7613 attached [pid 7613] set_robust_list(0x7f546d3029e0, 24 [pid 7612] <... clone resumed>, parent_tid=[7613], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7613 [pid 7613] <... set_robust_list resumed>) = 0 [pid 7612] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7612] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7613] memfd_create("syzkaller", 0) = 3 [pid 7613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7613] munmap(0x7f5464ee2000, 524288) = 0 [pid 7613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7613] close(3) = 0 [pid 7613] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7613] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7613] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7613] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7613] ioctl(4, LOOP_CLR_FD) = 0 [pid 7613] close(4) = 0 [pid 7613] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7613] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7612] <... futex resumed>) = 0 [pid 7612] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7613] <... futex resumed>) = 0 [pid 7612] <... futex resumed>) = 1 [pid 7613] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7612] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7613] <... mknodat resumed>) = 0 [pid 7612] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7613] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7613] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7612] <... mprotect resumed>) = 0 [pid 7612] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7614 attached , parent_tid=[7614], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7614 [pid 7614] set_robust_list(0x7f5464f619e0, 24 [pid 7612] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7612] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7614] <... set_robust_list resumed>) = 0 [pid 7614] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7614] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7614] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7614] chdir(".") = 0 [pid 7614] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7614] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7612] <... futex resumed>) = 0 [pid 7612] exit_group(0) = ? [pid 7613] <... futex resumed>) = ? [pid 7614] <... futex resumed>) = ? [pid 7614] +++ exited with 0 +++ [pid 7613] +++ exited with 0 +++ [pid 7612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7612, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./868", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./868", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 168.929426][ T7613] loop0: detected capacity change from 0 to 1024 umount2("./868/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./868/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./868/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./868/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./868/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./868/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./868/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./868/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./868/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./868") = 0 mkdir("./869", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7615 ./strace-static-x86_64: Process 7615 attached [pid 7615] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7615] chdir("./869") = 0 [pid 7615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7615] setpgid(0, 0) = 0 [pid 7615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7615] write(3, "1000", 4) = 4 [pid 7615] close(3) = 0 [pid 7615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7615] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7615] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7615] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7616 attached [pid 7616] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7616] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7615] <... clone resumed>, parent_tid=[7616], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7616 [pid 7615] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7616] <... futex resumed>) = 0 [pid 7615] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7616] memfd_create("syzkaller", 0) = 3 [pid 7616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7616] munmap(0x7f5464ee2000, 524288) = 0 [pid 7616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7616] close(3) = 0 [pid 7616] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7616] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7616] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7616] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7616] ioctl(4, LOOP_CLR_FD) = 0 [pid 7616] close(4) = 0 [pid 7616] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7615] <... futex resumed>) = 0 [pid 7615] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7616] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7615] <... futex resumed>) = 0 [pid 7615] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7615] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7615] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7617], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7617 [pid 7615] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7616] <... mknodat resumed>) = 0 [pid 7615] <... futex resumed>) = 0 [pid 7615] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7616] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7616] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7617 attached [pid 7617] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7617] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7617] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7617] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7617] chdir(".") = 0 [pid 7617] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7615] <... futex resumed>) = 0 [pid 7617] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7615] exit_group(0 [pid 7617] <... futex resumed>) = ? [pid 7616] <... futex resumed>) = ? [pid 7615] <... exit_group resumed>) = ? [pid 7617] +++ exited with 0 +++ [pid 7616] +++ exited with 0 +++ [pid 7615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7615, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./869", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./869", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./869/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./869/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./869/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./869/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./869/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./869/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./869/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./869/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./869/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./869") = 0 [ 169.036799][ T7616] loop0: detected capacity change from 0 to 1024 mkdir("./870", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7618 ./strace-static-x86_64: Process 7618 attached [pid 7618] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7618] chdir("./870") = 0 [pid 7618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7618] setpgid(0, 0) = 0 [pid 7618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7618] write(3, "1000", 4) = 4 [pid 7618] close(3) = 0 [pid 7618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7618] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7618] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7618] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7619 attached [pid 7619] set_robust_list(0x7f546d3029e0, 24 [pid 7618] <... clone resumed>, parent_tid=[7619], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7619 [pid 7619] <... set_robust_list resumed>) = 0 [pid 7618] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7619] memfd_create("syzkaller", 0) = 3 [pid 7619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7618] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7619] <... mmap resumed>) = 0x7f5464ee2000 [pid 7619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7619] munmap(0x7f5464ee2000, 524288) = 0 [pid 7619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7619] close(3) = 0 [pid 7619] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7619] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7619] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7619] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7619] ioctl(4, LOOP_CLR_FD) = 0 [pid 7619] close(4) = 0 [pid 7619] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7618] <... futex resumed>) = 0 [pid 7618] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7618] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7618] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7619] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7618] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7620], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7620 [pid 7618] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7618] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7619] <... mknodat resumed>) = 0 [pid 7619] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7619] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7620 attached [pid 7620] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7620] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7620] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7620] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7620] chdir(".") = 0 [pid 7620] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7618] <... futex resumed>) = 0 [pid 7618] exit_group(0 [pid 7619] <... futex resumed>) = ? [pid 7618] <... exit_group resumed>) = ? [pid 7619] +++ exited with 0 +++ [pid 7620] +++ exited with 0 +++ [pid 7618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7618, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./870", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./870", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 169.150327][ T7619] loop0: detected capacity change from 0 to 1024 umount2("./870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./870/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./870/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./870/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./870/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./870") = 0 mkdir("./871", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7621 ./strace-static-x86_64: Process 7621 attached [pid 7621] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7621] chdir("./871") = 0 [pid 7621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7621] setpgid(0, 0) = 0 [pid 7621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7621] write(3, "1000", 4) = 4 [pid 7621] close(3) = 0 [pid 7621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7621] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7621] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7621] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7622], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7622 [pid 7621] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7621] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7622 attached [pid 7622] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7622] memfd_create("syzkaller", 0) = 3 [pid 7622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7622] munmap(0x7f5464ee2000, 524288) = 0 [pid 7622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7622] close(3) = 0 [pid 7622] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7622] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7622] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7622] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7622] ioctl(4, LOOP_CLR_FD) = 0 [pid 7622] close(4) = 0 [pid 7622] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7622] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7621] <... futex resumed>) = 0 [pid 7621] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7621] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7622] <... futex resumed>) = 0 [pid 7622] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7621] <... futex resumed>) = 0 [pid 7621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7621] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7621] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7623], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7623 [pid 7621] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7621] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7622] <... mknodat resumed>) = 0 [pid 7622] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7622] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7623 attached [pid 7623] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7623] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7623] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7623] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7623] chdir(".") = 0 [pid 7623] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7621] <... futex resumed>) = 0 [pid 7621] exit_group(0 [pid 7623] ???( [pid 7621] <... exit_group resumed>) = ? [pid 7623] <... ??? resumed>) = ? [pid 7623] +++ exited with 0 +++ [pid 7622] <... futex resumed>) = ? [pid 7622] +++ exited with 0 +++ [pid 7621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7621, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./871", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./871", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 169.270716][ T7622] loop0: detected capacity change from 0 to 1024 umount2("./871/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./871/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./871/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./871/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./871/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./871/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./871/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./871/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./871/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./871") = 0 mkdir("./872", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7624 ./strace-static-x86_64: Process 7624 attached [pid 7624] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7624] chdir("./872") = 0 [pid 7624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7624] setpgid(0, 0) = 0 [pid 7624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7624] write(3, "1000", 4) = 4 [pid 7624] close(3) = 0 [pid 7624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7624] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7624] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7624] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7625], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7625 [pid 7624] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7625 attached [pid 7625] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7625] memfd_create("syzkaller", 0) = 3 [pid 7625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7625] munmap(0x7f5464ee2000, 524288) = 0 [pid 7625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7625] close(3) = 0 [pid 7625] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7625] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7625] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7625] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7625] ioctl(4, LOOP_CLR_FD) = 0 [pid 7625] close(4) = 0 [pid 7625] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7624] <... futex resumed>) = 0 [pid 7624] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7624] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7624] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7626], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7626 [pid 7624] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7625] <... futex resumed>) = 1 [pid 7625] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7625] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7625] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7626 attached [pid 7626] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7626] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7626] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7626] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7626] chdir(".") = 0 [pid 7626] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7624] <... futex resumed>) = 0 [pid 7624] exit_group(0) = ? [pid 7625] <... futex resumed>) = ? [pid 7625] +++ exited with 0 +++ [pid 7626] <... futex resumed>) = ? [pid 7626] +++ exited with 0 +++ [pid 7624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7624, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./872", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./872", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./872/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./872/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./872/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./872/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./872/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./872/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./872/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./872/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 169.377940][ T7625] loop0: detected capacity change from 0 to 1024 unlink("./872/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./872") = 0 mkdir("./873", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7627 ./strace-static-x86_64: Process 7627 attached [pid 7627] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7627] chdir("./873") = 0 [pid 7627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7627] setpgid(0, 0) = 0 [pid 7627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7627] write(3, "1000", 4) = 4 [pid 7627] close(3) = 0 [pid 7627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7627] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7627] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7627] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7628 attached , parent_tid=[7628], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7628 [pid 7628] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7628] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7627] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7628] <... futex resumed>) = 0 [pid 7627] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7628] memfd_create("syzkaller", 0) = 3 [pid 7628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7628] munmap(0x7f5464ee2000, 524288) = 0 [pid 7628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7628] close(3) = 0 [pid 7628] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7628] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7628] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7628] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7628] ioctl(4, LOOP_CLR_FD) = 0 [pid 7628] close(4) = 0 [pid 7628] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7628] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7627] <... futex resumed>) = 0 [pid 7627] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7628] <... futex resumed>) = 0 [pid 7627] <... futex resumed>) = 1 [pid 7628] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7627] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7627] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7628] <... mknodat resumed>) = 0 [pid 7627] <... mprotect resumed>) = 0 [pid 7627] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7629], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7629 [pid 7628] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7627] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7628] <... futex resumed>) = 0 [pid 7627] <... futex resumed>) = 0 [pid 7628] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7627] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7629 attached [pid 7629] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7629] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7629] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7629] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7629] chdir(".") = 0 [pid 7629] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7627] <... futex resumed>) = 0 [pid 7627] exit_group(0 [pid 7628] <... futex resumed>) = ? [pid 7627] <... exit_group resumed>) = ? [pid 7628] +++ exited with 0 +++ [pid 7629] +++ exited with 0 +++ [pid 7627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7627, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./873", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./873", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 169.479587][ T7628] loop0: detected capacity change from 0 to 1024 umount2("./873/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./873/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./873/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./873/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./873/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./873/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./873/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./873/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./873/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./873") = 0 mkdir("./874", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7630 ./strace-static-x86_64: Process 7630 attached [pid 7630] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7630] chdir("./874") = 0 [pid 7630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7630] setpgid(0, 0) = 0 [pid 7630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7630] write(3, "1000", 4) = 4 [pid 7630] close(3) = 0 [pid 7630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7630] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7630] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7630] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7631], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7631 [pid 7630] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7630] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7631 attached [pid 7631] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7631] memfd_create("syzkaller", 0) = 3 [pid 7631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7631] munmap(0x7f5464ee2000, 524288) = 0 [pid 7631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7631] close(3) = 0 [pid 7631] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7631] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7631] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7631] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7631] ioctl(4, LOOP_CLR_FD) = 0 [pid 7631] close(4) = 0 [pid 7631] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7630] <... futex resumed>) = 0 [pid 7630] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7630] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7630] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7630] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7632], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7632 [pid 7630] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7630] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7631] <... futex resumed>) = 1 [pid 7631] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7632 attached [pid 7632] set_robust_list(0x7f5464f619e0, 24 [pid 7631] <... mknodat resumed>) = 0 [pid 7631] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7631] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7632] <... set_robust_list resumed>) = 0 [pid 7632] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7632] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7632] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7632] chdir(".") = 0 [pid 7632] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7630] <... futex resumed>) = 0 [pid 7630] exit_group(0) = ? [pid 7631] <... futex resumed>) = ? [pid 7631] +++ exited with 0 +++ [pid 7632] <... futex resumed>) = ? [pid 7632] +++ exited with 0 +++ [pid 7630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7630, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./874", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./874", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./874/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./874/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./874/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./874/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./874/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 169.605261][ T7631] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./874/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./874/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./874/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./874/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./874") = 0 mkdir("./875", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7633 attached , child_tidptr=0x5555561b25d0) = 7633 [pid 7633] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7633] chdir("./875") = 0 [pid 7633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7633] setpgid(0, 0) = 0 [pid 7633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7633] write(3, "1000", 4) = 4 [pid 7633] close(3) = 0 [pid 7633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7633] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7633] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7633] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7634], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7634 [pid 7633] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7633] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7634 attached [pid 7634] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7634] memfd_create("syzkaller", 0) = 3 [pid 7634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7634] munmap(0x7f5464ee2000, 524288) = 0 [pid 7634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7634] close(3) = 0 [pid 7634] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7634] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7634] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7634] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7634] ioctl(4, LOOP_CLR_FD) = 0 [pid 7634] close(4) = 0 [pid 7634] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7633] <... futex resumed>) = 0 [pid 7633] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7633] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7634] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7633] <... mmap resumed>) = 0x7f5464f41000 [pid 7633] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7633] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7635], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7635 [pid 7633] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7633] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7635 attached [pid 7635] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7635] mkdir(".", 0777 [pid 7634] <... mknodat resumed>) = 0 [pid 7635] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7634] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7635] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7634] <... futex resumed>) = 0 [pid 7634] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7635] <... mount resumed>) = 0 [pid 7635] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7635] chdir(".") = 0 [pid 7635] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7633] <... futex resumed>) = 0 [pid 7635] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7633] exit_group(0 [pid 7635] <... futex resumed>) = ? [pid 7634] <... futex resumed>) = ? [pid 7633] <... exit_group resumed>) = ? [pid 7635] +++ exited with 0 +++ [pid 7634] +++ exited with 0 +++ [pid 7633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7633, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./875", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./875", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./875/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./875/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 169.705475][ T7634] loop0: detected capacity change from 0 to 1024 lstat("./875/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./875/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./875/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./875/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./875/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./875/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./875/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./875") = 0 mkdir("./876", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7636 ./strace-static-x86_64: Process 7636 attached [pid 7636] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7636] chdir("./876") = 0 [pid 7636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7636] setpgid(0, 0) = 0 [pid 7636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7636] write(3, "1000", 4) = 4 [pid 7636] close(3) = 0 [pid 7636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7636] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7636] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7636] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7637 attached , parent_tid=[7637], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7637 [pid 7636] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7636] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7637] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7637] memfd_create("syzkaller", 0) = 3 [pid 7637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7637] munmap(0x7f5464ee2000, 524288) = 0 [pid 7637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7637] close(3) = 0 [pid 7637] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7637] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7637] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7637] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7637] ioctl(4, LOOP_CLR_FD) = 0 [pid 7637] close(4) = 0 [pid 7637] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7636] <... futex resumed>) = 0 [pid 7637] <... futex resumed>) = 1 [pid 7636] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7637] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7636] <... futex resumed>) = 0 [pid 7636] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7637] <... mknodat resumed>) = 0 [pid 7636] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7637] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7636] <... mprotect resumed>) = 0 [pid 7637] <... futex resumed>) = 0 [pid 7637] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7636] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7638 attached , parent_tid=[7638], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7638 [pid 7638] set_robust_list(0x7f5464f619e0, 24 [pid 7636] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7638] <... set_robust_list resumed>) = 0 [pid 7636] <... futex resumed>) = 0 [pid 7636] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7638] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7638] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7638] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7638] chdir(".") = 0 [pid 7638] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7638] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7636] <... futex resumed>) = 0 [pid 7636] exit_group(0) = ? [pid 7638] <... futex resumed>) = ? [pid 7637] <... futex resumed>) = ? [pid 7638] +++ exited with 0 +++ [pid 7637] +++ exited with 0 +++ [pid 7636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7636, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./876", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./876", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 169.812917][ T7637] loop0: detected capacity change from 0 to 1024 umount2("./876/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./876/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./876/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./876/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./876/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./876/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./876/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./876/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./876/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./876") = 0 mkdir("./877", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7639 ./strace-static-x86_64: Process 7639 attached [pid 7639] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7639] chdir("./877") = 0 [pid 7639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7639] setpgid(0, 0) = 0 [pid 7639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7639] write(3, "1000", 4) = 4 [pid 7639] close(3) = 0 [pid 7639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7639] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7639] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7639] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7640 attached , parent_tid=[7640], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7640 [pid 7640] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7640] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7639] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7640] <... futex resumed>) = 0 [pid 7639] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7640] memfd_create("syzkaller", 0) = 3 [pid 7640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7640] munmap(0x7f5464ee2000, 524288) = 0 [pid 7640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7640] close(3) = 0 [pid 7640] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7640] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7640] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7640] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7640] ioctl(4, LOOP_CLR_FD) = 0 [pid 7640] close(4) = 0 [pid 7640] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7639] <... futex resumed>) = 0 [pid 7639] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7639] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7639] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7639] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7641], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7641 [pid 7639] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7639] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7640] <... futex resumed>) = 1 [pid 7640] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7641 attached [pid 7641] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7641] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7640] <... mknodat resumed>) = 0 [pid 7640] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7640] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7641] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7641] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7641] chdir(".") = 0 [pid 7641] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7639] <... futex resumed>) = 0 [pid 7639] exit_group(0) = ? [pid 7641] +++ exited with 0 +++ [pid 7640] <... futex resumed>) = ? [pid 7640] +++ exited with 0 +++ [pid 7639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7639, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./877", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./877", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./877/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./877/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./877/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./877/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./877/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 169.931135][ T7640] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./877/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./877/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./877/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./877/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./877") = 0 mkdir("./878", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7642 ./strace-static-x86_64: Process 7642 attached [pid 7642] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7642] chdir("./878") = 0 [pid 7642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7642] setpgid(0, 0) = 0 [pid 7642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7642] write(3, "1000", 4) = 4 [pid 7642] close(3) = 0 [pid 7642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7642] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7642] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7642] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7643 attached [pid 7643] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7643] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7642] <... clone resumed>, parent_tid=[7643], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7643 [pid 7642] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7643] <... futex resumed>) = 0 [pid 7642] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7643] memfd_create("syzkaller", 0) = 3 [pid 7643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7643] munmap(0x7f5464ee2000, 524288) = 0 [pid 7643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7643] close(3) = 0 [pid 7643] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7643] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7643] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7643] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7643] ioctl(4, LOOP_CLR_FD) = 0 [pid 7643] close(4) = 0 [pid 7643] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7642] <... futex resumed>) = 0 [pid 7642] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7642] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7643] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7642] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7642] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7644], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7644 [pid 7642] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7642] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7644 attached [pid 7643] <... mknodat resumed>) = 0 [pid 7644] set_robust_list(0x7f5464f619e0, 24 [pid 7643] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7644] <... set_robust_list resumed>) = 0 [pid 7643] <... futex resumed>) = 0 [pid 7644] mkdir(".", 0777 [pid 7643] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7644] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7644] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7644] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7644] chdir(".") = 0 [pid 7644] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7642] <... futex resumed>) = 0 [pid 7642] exit_group(0 [pid 7643] <... futex resumed>) = ? [pid 7642] <... exit_group resumed>) = ? [pid 7643] +++ exited with 0 +++ [pid 7644] +++ exited with 0 +++ [pid 7642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7642, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./878", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./878", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./878/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./878/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./878/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./878/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./878/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 170.043034][ T7643] loop0: detected capacity change from 0 to 1024 rmdir("./878/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./878/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./878/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./878/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./878") = 0 mkdir("./879", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7645 ./strace-static-x86_64: Process 7645 attached [pid 7645] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7645] chdir("./879") = 0 [pid 7645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7645] setpgid(0, 0) = 0 [pid 7645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7645] write(3, "1000", 4) = 4 [pid 7645] close(3) = 0 [pid 7645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7645] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7645] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7645] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7646 attached , parent_tid=[7646], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7646 [pid 7645] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7645] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7646] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7646] memfd_create("syzkaller", 0) = 3 [pid 7646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7646] munmap(0x7f5464ee2000, 524288) = 0 [pid 7646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7646] close(3) = 0 [pid 7646] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7646] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7646] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7646] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7646] ioctl(4, LOOP_CLR_FD) = 0 [pid 7646] close(4) = 0 [pid 7646] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7646] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7645] <... futex resumed>) = 0 [pid 7645] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7646] <... futex resumed>) = 0 [pid 7645] <... futex resumed>) = 1 [pid 7646] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7645] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7645] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7646] <... mknodat resumed>) = 0 [pid 7645] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7646] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7646] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7647 attached [pid 7647] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7647] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7645] <... clone resumed>, parent_tid=[7647], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7647 [pid 7645] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7645] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7647] <... futex resumed>) = 0 [pid 7647] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7647] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7647] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7647] chdir(".") = 0 [pid 7647] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7647] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7645] <... futex resumed>) = 0 [pid 7645] exit_group(0 [pid 7646] <... futex resumed>) = ? [pid 7645] <... exit_group resumed>) = ? [pid 7646] +++ exited with 0 +++ [pid 7647] <... futex resumed>) = ? [pid 7647] +++ exited with 0 +++ [pid 7645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7645, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./879", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./879", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./879/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./879/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./879/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./879/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./879/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./879/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./879/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./879/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./879/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 170.146189][ T7646] loop0: detected capacity change from 0 to 1024 rmdir("./879") = 0 mkdir("./880", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7648 ./strace-static-x86_64: Process 7648 attached [pid 7648] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7648] chdir("./880") = 0 [pid 7648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7648] setpgid(0, 0) = 0 [pid 7648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7648] write(3, "1000", 4) = 4 [pid 7648] close(3) = 0 [pid 7648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7648] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7648] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7648] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7649], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7649 [pid 7648] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7648] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7649 attached [pid 7649] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7649] memfd_create("syzkaller", 0) = 3 [pid 7649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7649] munmap(0x7f5464ee2000, 524288) = 0 [pid 7649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7649] close(3) = 0 [pid 7649] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7649] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7649] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7649] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7649] ioctl(4, LOOP_CLR_FD) = 0 [pid 7649] close(4) = 0 [pid 7649] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7648] <... futex resumed>) = 0 [pid 7648] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7648] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7648] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7648] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7650], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7650 [pid 7649] <... futex resumed>) = 1 [pid 7648] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7649] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7648] <... futex resumed>) = 0 [pid 7648] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7650 attached [pid 7649] <... mknodat resumed>) = 0 [pid 7649] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7649] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7650] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7650] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7650] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7650] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7650] chdir(".") = 0 [pid 7650] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7648] <... futex resumed>) = 0 [pid 7648] exit_group(0 [pid 7649] <... futex resumed>) = ? [pid 7648] <... exit_group resumed>) = ? [pid 7649] +++ exited with 0 +++ [pid 7650] <... futex resumed>) = ? [pid 7650] +++ exited with 0 +++ [pid 7648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7648, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./880", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./880", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./880/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./880/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./880/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./880/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./880/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 170.237840][ T7649] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./880/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./880/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./880/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./880/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./880") = 0 mkdir("./881", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7651 ./strace-static-x86_64: Process 7651 attached [pid 7651] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7651] chdir("./881") = 0 [pid 7651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7651] setpgid(0, 0) = 0 [pid 7651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7651] write(3, "1000", 4) = 4 [pid 7651] close(3) = 0 [pid 7651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7651] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7651] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7651] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7652], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7652 [pid 7651] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7651] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7652 attached [pid 7652] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7652] memfd_create("syzkaller", 0) = 3 [pid 7652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7652] munmap(0x7f5464ee2000, 524288) = 0 [pid 7652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7652] close(3) = 0 [pid 7652] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7652] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7652] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7652] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7652] ioctl(4, LOOP_CLR_FD) = 0 [pid 7652] close(4) = 0 [pid 7652] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7651] <... futex resumed>) = 0 [pid 7652] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7651] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7651] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7651] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7651] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7653], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7653 [pid 7651] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7651] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7652] <... mknodat resumed>) = 0 [pid 7652] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7652] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7653 attached [pid 7653] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7653] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7653] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7653] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7653] chdir(".") = 0 [pid 7653] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7651] <... futex resumed>) = 0 [pid 7651] exit_group(0 [pid 7652] <... futex resumed>) = ? [pid 7651] <... exit_group resumed>) = ? [pid 7652] +++ exited with 0 +++ [pid 7653] +++ exited with 0 +++ [pid 7651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7651, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./881", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./881", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./881/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./881/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./881/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./881/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./881/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./881/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./881/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./881/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./881/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./881") = 0 mkdir("./882", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 170.327356][ T7652] loop0: detected capacity change from 0 to 1024 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7654 ./strace-static-x86_64: Process 7654 attached [pid 7654] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7654] chdir("./882") = 0 [pid 7654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7654] setpgid(0, 0) = 0 [pid 7654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7654] write(3, "1000", 4) = 4 [pid 7654] close(3) = 0 [pid 7654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7654] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7654] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7654] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7655], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7655 [pid 7654] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7654] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7655 attached [pid 7655] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7655] memfd_create("syzkaller", 0) = 3 [pid 7655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7655] munmap(0x7f5464ee2000, 524288) = 0 [pid 7655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7655] close(3) = 0 [pid 7655] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7655] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7655] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7655] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7655] ioctl(4, LOOP_CLR_FD) = 0 [pid 7655] close(4) = 0 [pid 7655] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7654] <... futex resumed>) = 0 [pid 7654] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7654] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7655] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7654] <... mmap resumed>) = 0x7f5464f41000 [pid 7654] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7654] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7656], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7656 [pid 7654] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7654] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7656 attached [pid 7656] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7656] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7656] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff" [pid 7655] <... mknodat resumed>) = 0 [pid 7655] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7655] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7656] <... mount resumed>) = 0 [pid 7656] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7656] chdir(".") = 0 [pid 7656] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7654] <... futex resumed>) = 0 [pid 7656] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7654] exit_group(0) = ? [pid 7656] <... futex resumed>) = ? [pid 7655] <... futex resumed>) = ? [pid 7656] +++ exited with 0 +++ [pid 7655] +++ exited with 0 +++ [pid 7654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7654, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./882", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./882", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 170.424132][ T7655] loop0: detected capacity change from 0 to 1024 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./882/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./882/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./882/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./882/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./882") = 0 mkdir("./883", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7657 ./strace-static-x86_64: Process 7657 attached [pid 7657] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7657] chdir("./883") = 0 [pid 7657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7657] setpgid(0, 0) = 0 [pid 7657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7657] write(3, "1000", 4) = 4 [pid 7657] close(3) = 0 [pid 7657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7657] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7657] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7657] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7658], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7658 ./strace-static-x86_64: Process 7658 attached [pid 7657] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7658] set_robust_list(0x7f546d3029e0, 24 [pid 7657] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7658] <... set_robust_list resumed>) = 0 [pid 7658] memfd_create("syzkaller", 0) = 3 [pid 7658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7658] munmap(0x7f5464ee2000, 524288) = 0 [pid 7658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7658] close(3) = 0 [pid 7658] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7658] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7658] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7658] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7658] ioctl(4, LOOP_CLR_FD) = 0 [pid 7658] close(4) = 0 [pid 7658] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7657] <... futex resumed>) = 0 [pid 7657] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7657] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7657] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7657] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7659], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7659 [pid 7657] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7657] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7658] <... futex resumed>) = 1 [pid 7658] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7658] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7658] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7659 attached [pid 7659] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7659] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7659] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7659] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7659] chdir(".") = 0 [pid 7659] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7659] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7657] <... futex resumed>) = 0 [pid 7657] exit_group(0) = ? [pid 7658] <... futex resumed>) = ? [pid 7658] +++ exited with 0 +++ [pid 7659] <... futex resumed>) = ? [pid 7659] +++ exited with 0 +++ [pid 7657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7657, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./883", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./883", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./883/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./883/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./883/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./883/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./883/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 [ 170.533259][ T7658] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./883/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./883/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./883/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./883/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./883") = 0 mkdir("./884", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7660 ./strace-static-x86_64: Process 7660 attached [pid 7660] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7660] chdir("./884") = 0 [pid 7660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7660] setpgid(0, 0) = 0 [pid 7660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7660] write(3, "1000", 4) = 4 [pid 7660] close(3) = 0 [pid 7660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7660] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7660] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7660] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7661 attached , parent_tid=[7661], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7661 [pid 7660] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7660] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7661] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7661] memfd_create("syzkaller", 0) = 3 [pid 7661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7661] munmap(0x7f5464ee2000, 524288) = 0 [pid 7661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7661] close(3) = 0 [pid 7661] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7661] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7661] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7661] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7661] ioctl(4, LOOP_CLR_FD) = 0 [pid 7661] close(4) = 0 [pid 7661] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7660] <... futex resumed>) = 0 [pid 7660] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7660] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7660] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7660] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7662], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7662 [pid 7660] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7660] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7661] <... futex resumed>) = 1 [pid 7661] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7661] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7661] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7662 attached [pid 7662] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7662] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7662] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7662] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7662] chdir(".") = 0 [pid 7662] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7660] <... futex resumed>) = 0 [pid 7660] exit_group(0 [pid 7661] <... futex resumed>) = ? [pid 7660] <... exit_group resumed>) = ? [pid 7661] +++ exited with 0 +++ [pid 7662] <... futex resumed>) = ? [pid 7662] +++ exited with 0 +++ [pid 7660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7660, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./884", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./884", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./884/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./884/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./884/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./884/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./884/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./884/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./884/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 170.653054][ T7661] loop0: detected capacity change from 0 to 1024 lstat("./884/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./884/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./884") = 0 mkdir("./885", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7663 ./strace-static-x86_64: Process 7663 attached [pid 7663] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7663] chdir("./885") = 0 [pid 7663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7663] setpgid(0, 0) = 0 [pid 7663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7663] write(3, "1000", 4) = 4 [pid 7663] close(3) = 0 [pid 7663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7663] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7663] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7663] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7664], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7664 ./strace-static-x86_64: Process 7664 attached [pid 7664] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7664] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7663] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7664] <... futex resumed>) = 0 [pid 7663] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7664] memfd_create("syzkaller", 0) = 3 [pid 7664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7664] munmap(0x7f5464ee2000, 524288) = 0 [pid 7664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7664] close(3) = 0 [pid 7664] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7664] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7664] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7664] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7664] ioctl(4, LOOP_CLR_FD) = 0 [pid 7664] close(4) = 0 [pid 7664] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7663] <... futex resumed>) = 0 [pid 7663] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7663] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7663] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7663] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7665], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7665 [pid 7663] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7663] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7664] <... futex resumed>) = 1 [pid 7664] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7664] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7664] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7665 attached [pid 7665] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7665] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7665] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7665] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7665] chdir(".") = 0 [pid 7665] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7663] <... futex resumed>) = 0 [pid 7663] exit_group(0 [pid 7664] <... futex resumed>) = ? [pid 7663] <... exit_group resumed>) = ? [pid 7664] +++ exited with 0 +++ [pid 7665] +++ exited with 0 +++ [pid 7663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7663, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./885", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./885", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./885/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./885/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./885/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./885/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 170.766577][ T7664] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./885/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./885/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./885/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./885/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./885/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./885") = 0 mkdir("./886", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7666 ./strace-static-x86_64: Process 7666 attached [pid 7666] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7666] chdir("./886") = 0 [pid 7666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7666] setpgid(0, 0) = 0 [pid 7666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7666] write(3, "1000", 4) = 4 [pid 7666] close(3) = 0 [pid 7666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7666] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7666] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7666] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7667 attached , parent_tid=[7667], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7667 [pid 7667] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7667] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7666] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7667] <... futex resumed>) = 0 [pid 7666] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7667] memfd_create("syzkaller", 0) = 3 [pid 7667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7667] munmap(0x7f5464ee2000, 524288) = 0 [pid 7667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7667] close(3) = 0 [pid 7667] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7667] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7667] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7667] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7667] ioctl(4, LOOP_CLR_FD) = 0 [pid 7667] close(4) = 0 [pid 7667] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7666] <... futex resumed>) = 0 [pid 7667] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7666] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7666] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7666] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7666] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7667] <... mknodat resumed>) = 0 [pid 7666] <... clone resumed>, parent_tid=[7668], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7668 [pid 7666] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7666] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7667] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7667] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7668 attached [pid 7668] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7668] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7668] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7668] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7668] chdir(".") = 0 [pid 7668] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7666] <... futex resumed>) = 0 [pid 7668] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7666] exit_group(0 [pid 7668] <... futex resumed>) = ? [pid 7667] <... futex resumed>) = ? [pid 7666] <... exit_group resumed>) = ? [pid 7668] +++ exited with 0 +++ [pid 7667] +++ exited with 0 +++ [pid 7666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7666, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./886", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./886", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./886/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./886/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./886/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./886/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./886/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./886/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./886/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./886/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./886/binderfs") = 0 [ 170.876542][ T7667] loop0: detected capacity change from 0 to 1024 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./886") = 0 mkdir("./887", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7669 ./strace-static-x86_64: Process 7669 attached [pid 7669] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7669] chdir("./887") = 0 [pid 7669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7669] setpgid(0, 0) = 0 [pid 7669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7669] write(3, "1000", 4) = 4 [pid 7669] close(3) = 0 [pid 7669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7669] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7669] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7669] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7670], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7670 [pid 7669] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7670 attached [pid 7670] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7670] memfd_create("syzkaller", 0) = 3 [pid 7670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7670] munmap(0x7f5464ee2000, 524288) = 0 [pid 7670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7670] close(3) = 0 [pid 7670] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7670] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7670] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7670] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7670] ioctl(4, LOOP_CLR_FD) = 0 [pid 7670] close(4) = 0 [pid 7670] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7669] <... futex resumed>) = 0 [pid 7669] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7669] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7669] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7671], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7671 [pid 7669] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7670] <... futex resumed>) = 1 [pid 7670] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7670] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7670] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7671 attached [pid 7671] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7671] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7671] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7671] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7671] chdir(".") = 0 [pid 7671] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7669] <... futex resumed>) = 0 [pid 7669] exit_group(0 [pid 7670] <... futex resumed>) = ? [pid 7669] <... exit_group resumed>) = ? [pid 7670] +++ exited with 0 +++ [pid 7671] <... futex resumed>) = ? [pid 7671] +++ exited with 0 +++ [pid 7669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7669, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./887", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./887", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./887/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 170.983082][ T7670] loop0: detected capacity change from 0 to 1024 umount2("./887/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./887/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./887/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./887/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./887/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./887/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./887/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./887/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./887") = 0 mkdir("./888", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7672 ./strace-static-x86_64: Process 7672 attached [pid 7672] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7672] chdir("./888") = 0 [pid 7672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7672] setpgid(0, 0) = 0 [pid 7672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7672] write(3, "1000", 4) = 4 [pid 7672] close(3) = 0 [pid 7672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7672] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7672] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7672] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7673 attached , parent_tid=[7673], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7673 [pid 7672] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7672] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7673] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7673] memfd_create("syzkaller", 0) = 3 [pid 7673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7673] munmap(0x7f5464ee2000, 524288) = 0 [pid 7673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7673] close(3) = 0 [pid 7673] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7673] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7673] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7673] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7673] ioctl(4, LOOP_CLR_FD) = 0 [pid 7673] close(4) = 0 [pid 7673] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7672] <... futex resumed>) = 0 [pid 7672] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7672] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7672] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7672] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7674], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7674 [pid 7672] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7672] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7673] <... futex resumed>) = 1 [pid 7673] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7673] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7673] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7674 attached [pid 7674] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7674] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7674] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7674] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7674] chdir(".") = 0 [pid 7674] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7672] <... futex resumed>) = 0 [pid 7674] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7672] exit_group(0 [pid 7673] <... futex resumed>) = ? [pid 7672] <... exit_group resumed>) = ? [pid 7674] <... futex resumed>) = ? [pid 7673] +++ exited with 0 +++ [pid 7674] +++ exited with 0 +++ [pid 7672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7672, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./888", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./888", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./888/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./888/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./888/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./888/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./888/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./888/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./888/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./888/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 171.098601][ T7673] loop0: detected capacity change from 0 to 1024 unlink("./888/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./888") = 0 mkdir("./889", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7675 ./strace-static-x86_64: Process 7675 attached [pid 7675] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7675] chdir("./889") = 0 [pid 7675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7675] setpgid(0, 0) = 0 [pid 7675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7675] write(3, "1000", 4) = 4 [pid 7675] close(3) = 0 [pid 7675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7675] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7675] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7675] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7676 attached [pid 7676] set_robust_list(0x7f546d3029e0, 24 [pid 7675] <... clone resumed>, parent_tid=[7676], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7676 [pid 7675] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7676] <... set_robust_list resumed>) = 0 [pid 7675] <... futex resumed>) = 0 [pid 7675] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7676] memfd_create("syzkaller", 0) = 3 [pid 7676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7676] munmap(0x7f5464ee2000, 524288) = 0 [pid 7676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7676] close(3) = 0 [pid 7676] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7676] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7676] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7676] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7676] ioctl(4, LOOP_CLR_FD) = 0 [pid 7676] close(4) = 0 [pid 7676] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7676] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7675] <... futex resumed>) = 0 [pid 7675] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7675] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7675] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7676] <... futex resumed>) = 0 [pid 7676] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7675] <... mprotect resumed>) = 0 [pid 7675] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7677], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7677 [pid 7675] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7675] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7676] <... mknodat resumed>) = 0 [pid 7676] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7676] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7677 attached [pid 7677] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7677] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7677] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7677] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7677] chdir(".") = 0 [pid 7677] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7675] <... futex resumed>) = 0 [pid 7675] exit_group(0) = ? [pid 7676] <... futex resumed>) = ? [pid 7677] +++ exited with 0 +++ [pid 7676] +++ exited with 0 +++ [pid 7675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7675, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./889", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./889", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./889/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./889/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./889/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 171.192718][ T7676] loop0: detected capacity change from 0 to 1024 umount2("./889/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./889/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./889/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./889/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./889/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./889/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./889") = 0 mkdir("./890", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7678 ./strace-static-x86_64: Process 7678 attached [pid 7678] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7678] chdir("./890") = 0 [pid 7678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7678] setpgid(0, 0) = 0 [pid 7678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7678] write(3, "1000", 4) = 4 [pid 7678] close(3) = 0 [pid 7678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7678] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7678] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7678] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7679 attached [pid 7679] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7679] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7678] <... clone resumed>, parent_tid=[7679], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7679 [pid 7678] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7679] <... futex resumed>) = 0 [pid 7678] <... futex resumed>) = 1 [pid 7678] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7679] memfd_create("syzkaller", 0) = 3 [pid 7679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7679] munmap(0x7f5464ee2000, 524288) = 0 [pid 7679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7679] close(3) = 0 [pid 7679] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7679] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7679] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7679] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7679] ioctl(4, LOOP_CLR_FD) = 0 [pid 7679] close(4) = 0 [pid 7679] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7679] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7678] <... futex resumed>) = 0 [pid 7678] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7679] <... futex resumed>) = 0 [pid 7678] <... futex resumed>) = 1 [pid 7678] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7679] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7678] <... mmap resumed>) = 0x7f5464f41000 [pid 7678] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7678] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7680], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7680 [pid 7679] <... mknodat resumed>) = 0 [pid 7678] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7678] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7679] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7679] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7680 attached [pid 7680] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7680] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7680] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7680] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7680] chdir(".") = 0 [pid 7680] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7678] <... futex resumed>) = 0 [pid 7680] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7678] exit_group(0 [pid 7679] <... futex resumed>) = ? [pid 7678] <... exit_group resumed>) = ? [pid 7679] +++ exited with 0 +++ [pid 7680] <... futex resumed>) = ? [pid 7680] +++ exited with 0 +++ [pid 7678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7678, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./890", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./890", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 171.313938][ T7679] loop0: detected capacity change from 0 to 1024 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./890/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./890/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./890/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./890/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./890/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./890/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./890/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./890/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./890/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./890") = 0 mkdir("./891", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7681 ./strace-static-x86_64: Process 7681 attached [pid 7681] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7681] chdir("./891") = 0 [pid 7681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7681] setpgid(0, 0) = 0 [pid 7681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7681] write(3, "1000", 4) = 4 [pid 7681] close(3) = 0 [pid 7681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7681] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7681] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7681] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7682], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7682 [pid 7681] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7681] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7682 attached [pid 7682] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7682] memfd_create("syzkaller", 0) = 3 [pid 7682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7682] munmap(0x7f5464ee2000, 524288) = 0 [pid 7682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7682] close(3) = 0 [pid 7682] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7682] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7682] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7682] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7682] ioctl(4, LOOP_CLR_FD) = 0 [pid 7682] close(4) = 0 [pid 7682] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7681] <... futex resumed>) = 0 [pid 7681] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7681] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7681] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7681] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7683], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7683 [pid 7681] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7681] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7682] <... futex resumed>) = 1 [pid 7682] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7682] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7682] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7683 attached [pid 7683] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7683] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7683] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7683] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7683] chdir(".") = 0 [pid 7683] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7681] <... futex resumed>) = 0 [pid 7681] exit_group(0 [pid 7682] <... futex resumed>) = ? [pid 7681] <... exit_group resumed>) = ? [pid 7682] +++ exited with 0 +++ [pid 7683] +++ exited with 0 +++ [pid 7681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7681, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./891", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./891", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./891/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 171.422422][ T7682] loop0: detected capacity change from 0 to 1024 umount2("./891/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./891/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./891/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./891/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./891/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./891/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./891/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./891/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./891") = 0 mkdir("./892", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7684 ./strace-static-x86_64: Process 7684 attached [pid 7684] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7684] chdir("./892") = 0 [pid 7684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7684] setpgid(0, 0) = 0 [pid 7684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7684] write(3, "1000", 4) = 4 [pid 7684] close(3) = 0 [pid 7684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7684] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7684] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7684] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7685 attached [pid 7685] set_robust_list(0x7f546d3029e0, 24 [pid 7684] <... clone resumed>, parent_tid=[7685], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7685 [pid 7685] <... set_robust_list resumed>) = 0 [pid 7684] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7684] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7685] memfd_create("syzkaller", 0) = 3 [pid 7685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7685] munmap(0x7f5464ee2000, 524288) = 0 [pid 7685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7685] close(3) = 0 [pid 7685] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7685] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7685] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7685] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7685] ioctl(4, LOOP_CLR_FD) = 0 [pid 7685] close(4) = 0 [pid 7685] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7684] <... futex resumed>) = 0 [pid 7685] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7684] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7685] <... futex resumed>) = 0 [pid 7684] <... futex resumed>) = 1 [pid 7685] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 7684] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7684] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE [pid 7685] <... mknodat resumed>) = 0 [pid 7684] <... mprotect resumed>) = 0 [pid 7685] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7684] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 7685] <... futex resumed>) = 0 [pid 7685] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7686 attached [pid 7684] <... clone resumed>, parent_tid=[7686], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7686 [pid 7686] set_robust_list(0x7f5464f619e0, 24 [pid 7684] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7686] <... set_robust_list resumed>) = 0 [pid 7684] <... futex resumed>) = 0 [pid 7686] mkdir(".", 0777 [pid 7684] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7686] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7686] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7686] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7686] chdir(".") = 0 [pid 7686] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7684] <... futex resumed>) = 0 [pid 7686] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7684] exit_group(0 [pid 7686] <... futex resumed>) = ? [pid 7685] <... futex resumed>) = ? [pid 7684] <... exit_group resumed>) = ? [pid 7686] +++ exited with 0 +++ [pid 7685] +++ exited with 0 +++ [pid 7684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7684, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./892", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./892", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 [ 171.538601][ T7685] loop0: detected capacity change from 0 to 1024 umount2("./892/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./892/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./892/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./892/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./892/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./892/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./892/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./892/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./892/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./892") = 0 mkdir("./893", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7687 ./strace-static-x86_64: Process 7687 attached [pid 7687] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7687] chdir("./893") = 0 [pid 7687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7687] setpgid(0, 0) = 0 [pid 7687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7687] write(3, "1000", 4) = 4 [pid 7687] close(3) = 0 [pid 7687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7687] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7687] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7687] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 7688 attached , parent_tid=[7688], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7688 [pid 7687] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7687] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7688] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7688] memfd_create("syzkaller", 0) = 3 [pid 7688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7688] munmap(0x7f5464ee2000, 524288) = 0 [pid 7688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7688] close(3) = 0 [pid 7688] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7688] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7688] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7688] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7688] ioctl(4, LOOP_CLR_FD) = 0 [pid 7688] close(4) = 0 [pid 7688] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7687] <... futex resumed>) = 0 [pid 7687] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7687] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7687] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7687] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7689], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7689 [pid 7687] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7687] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7688] <... futex resumed>) = 1 [pid 7688] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 7688] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7688] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7689 attached [pid 7689] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7689] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7689] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 7689] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7689] chdir(".") = 0 [pid 7689] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7687] <... futex resumed>) = 0 [pid 7689] futex(0x7f546d3db7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7687] exit_group(0 [pid 7689] <... futex resumed>) = ? [pid 7688] <... futex resumed>) = ? [pid 7687] <... exit_group resumed>) = ? [pid 7688] +++ exited with 0 +++ [pid 7689] +++ exited with 0 +++ [pid 7687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7687, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./893", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./893", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561b3620 /* 4 entries */, 32768) = 352 umount2("./893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 171.661548][ T7688] loop0: detected capacity change from 0 to 1024 getdents64(4, 0x5555561bb660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561bb660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 umount2("./893/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./893/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./893/binderfs") = 0 getdents64(3, 0x5555561b3620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./893") = 0 mkdir("./894", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b25d0) = 7690 ./strace-static-x86_64: Process 7690 attached [pid 7690] set_robust_list(0x5555561b25e0, 24) = 0 [pid 7690] chdir("./894") = 0 [pid 7690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7690] setpgid(0, 0) = 0 [pid 7690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7690] write(3, "1000", 4) = 4 [pid 7690] close(3) = 0 [pid 7690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7690] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f546d2e2000 [pid 7690] mprotect(0x7f546d2e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7690] clone(child_stack=0x7f546d3023f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7691], tls=0x7f546d302700, child_tidptr=0x7f546d3029d0) = 7691 [pid 7690] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7690] futex(0x7f546d3db7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7691 attached [pid 7691] set_robust_list(0x7f546d3029e0, 24) = 0 [pid 7691] memfd_create("syzkaller", 0) = 3 [pid 7691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5464ee2000 [pid 7691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 7691] munmap(0x7f5464ee2000, 524288) = 0 [pid 7691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7691] close(3) = 0 [pid 7691] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [pid 7691] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "") = 0 [pid 7691] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 [pid 7691] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 7691] ioctl(4, LOOP_CLR_FD) = 0 [pid 7691] close(4) = 0 [pid 7691] futex(0x7f546d3db7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7691] futex(0x7f546d3db7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7690] <... futex resumed>) = 0 [pid 7690] futex(0x7f546d3db7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7690] futex(0x7f546d3db7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5464f41000 [pid 7690] mprotect(0x7f5464f42000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7690] clone(child_stack=0x7f5464f613f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7692], tls=0x7f5464f61700, child_tidptr=0x7f5464f619d0) = 7692 [pid 7690] futex(0x7f546d3db7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7690] futex(0x7f546d3db7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7691] <... futex resumed>) = 0 [pid 7691] mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000./strace-static-x86_64: Process 7692 attached [pid 7692] set_robust_list(0x7f5464f619e0, 24) = 0 [pid 7692] mkdir(".", 0777) = -1 EEXIST (File exists) [ 171.766940][ T7691] loop0: detected capacity change from 0 to 1024 [ 171.799662][ T7691] ------------[ cut here ]------------ [ 171.805378][ T7691] kernel BUG at fs/hfsplus/bnode.c:618! [ 171.811544][ T7691] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 171.817655][ T7691] CPU: 0 PID: 7691 Comm: syz-executor185 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0 [ 171.828065][ T7691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 171.838120][ T7691] RIP: 0010:hfsplus_bnode_put+0x6b7/0x6d0 [ 171.843869][ T7691] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 6c fd ff ff 48 89 df e8 ca 5a 81 ff e9 5f fd ff ff e8 50 83 29 ff 0f 0b e8 49 83 29 ff <0f> 0b e8 42 83 29 ff 0f 0b e8 3b 83 29 ff 0f 0b 66 0f 1f 84 00 00 [ 171.863509][ T7691] RSP: 0018:ffffc9000adff510 EFLAGS: 00010293 [ 171.869604][ T7691] RAX: ffffffff8261fc57 RBX: ffff888021dc1f80 RCX: ffff888027271dc0 [ 171.877588][ T7691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 171.885565][ T7691] RBP: 0000000000000000 R08: ffffffff8261f620 R09: ffffed10043b83f1 [ 171.893545][ T7691] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888021dc1f00 [ 171.901519][ T7691] R13: dffffc0000000000 R14: ffff88807a806000 R15: dffffc0000000000 [ 171.909498][ T7691] FS: 00007f546d302700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 171.918431][ T7691] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 171.925016][ T7691] CR2: 00007f5464f61718 CR3: 00000000146b6000 CR4: 00000000003506f0 [ 171.932996][ T7691] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 171.940969][ T7691] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 171.948946][ T7691] Call Trace: [ 171.952227][ T7691] [ 171.955158][ T7691] ? __die_body+0x5e/0xa0 [ 171.959499][ T7691] ? die+0x87/0xb0 [ 171.963222][ T7691] ? do_trap+0x11e/0x350 [ 171.967477][ T7691] ? hfsplus_bnode_put+0x6b7/0x6d0 [ 171.972593][ T7691] ? hfsplus_bnode_put+0x6b7/0x6d0 [ 171.977716][ T7691] ? do_error_trap+0x141/0x1f0 [ 171.982488][ T7691] ? hfsplus_bnode_put+0x6b7/0x6d0 [ 171.987610][ T7691] ? do_int3+0x30/0x30 [ 171.991694][ T7691] ? handle_invalid_op+0x2c/0x40 [ 171.996637][ T7691] ? hfsplus_bnode_put+0x6b7/0x6d0 [ 172.001755][ T7691] ? exc_invalid_op+0x33/0x50 [ 172.006451][ T7691] ? asm_exc_invalid_op+0x1a/0x20 [ 172.011487][ T7691] ? hfsplus_bnode_put+0x80/0x6d0 [ 172.016517][ T7691] ? hfsplus_bnode_put+0x6b7/0x6d0 [ 172.021633][ T7691] ? hfsplus_bnode_put+0x6b7/0x6d0 [ 172.026751][ T7691] hfsplus_bmap_alloc+0x590/0x640 [ 172.031784][ T7691] ? hfsplus_bmap_reserve+0x4e0/0x4e0 [ 172.037162][ T7691] ? hfsplus_bnode_read+0xe9/0x1e0 [ 172.042275][ T7691] ? hfsplus_bnode_read_u16+0x146/0x2c0 [ 172.047826][ T7691] ? __asan_memcpy+0x40/0x70 [ 172.052428][ T7691] hfs_bnode_split+0xde/0x1110 [ 172.057196][ T7691] ? hfsplus_bnode_dump+0xa36/0xba0 [ 172.062400][ T7691] ? __asan_memcpy+0x40/0x70 [ 172.067004][ T7691] ? hfsplus_bnode_read_u16+0x1c1/0x2c0 [ 172.072556][ T7691] ? hfs_btree_inc_height+0xdb0/0xdb0 [ 172.077942][ T7691] ? hfs_find_1st_rec_by_cnid+0x3c0/0x3c0 [ 172.083667][ T7691] hfsplus_brec_insert+0x3a6/0xdd0 [ 172.088783][ T7691] ? do_raw_spin_unlock+0x13b/0x8b0 [ 172.094002][ T7691] ? hfsplus_brec_keylen+0x310/0x310 [ 172.099292][ T7691] ? hfsplus_cat_set_perms+0x2d1/0x630 [ 172.104755][ T7691] hfsplus_create_cat+0xeee/0x1bb0 [ 172.109870][ T7691] ? __lock_acquire+0x1316/0x2070 [ 172.114911][ T7691] ? hfsplus_find_cat+0x5c0/0x5c0 [ 172.119937][ T7691] ? mark_lock+0x9a/0x340 [ 172.124279][ T7691] ? __lock_acquire+0x1316/0x2070 [ 172.129339][ T7691] ? do_raw_spin_unlock+0x13b/0x8b0 [ 172.134550][ T7691] ? _raw_spin_unlock+0x28/0x40 [ 172.139411][ T7691] ? hfsplus_new_inode+0x5cd/0x740 [ 172.144538][ T7691] hfsplus_mknod+0x16a/0x2a0 [ 172.149143][ T7691] vfs_create+0x1e2/0x330 [ 172.153483][ T7691] do_mknodat+0x3c6/0x6e0 [ 172.157828][ T7691] ? do_o_path+0x230/0x230 [ 172.162256][ T7691] ? syscall_enter_from_user_mode+0x32/0x230 [ 172.168252][ T7691] __x64_sys_mknodat+0xa9/0xc0 [ 172.173025][ T7691] do_syscall_64+0x41/0xc0 [ 172.177465][ T7691] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 172.183367][ T7691] RIP: 0033:0x7f546d356769 [ 172.187785][ T7691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 172.207485][ T7691] RSP: 002b:00007f546d3022f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 172.215909][ T7691] RAX: ffffffffffffffda RBX: 00007f546d3db7a0 RCX: 00007f546d356769 [ 172.223882][ T7691] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 00000000ffffff9c [ 172.231855][ T7691] RBP: 00007f546d3a80c0 R08: 0000000000000000 R09: 0000000000000000 [ 172.239829][ T7691] R10: 0000000000000103 R11: 0000000000000246 R12: 00007f546d3a81c0 [ 172.247804][ T7691] R13: 0073756c70736668 R14: e5652d70fedcf551 R15: 00007f546d3db7a8 [ 172.255788][ T7691] [ 172.258808][ T7691] Modules linked in: [ 172.263094][ T7691] ---[ end trace 0000000000000000 ]--- [ 172.268910][ T7691] RIP: 0010:hfsplus_bnode_put+0x6b7/0x6d0 [ 172.274678][ T7691] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 6c fd ff ff 48 89 df e8 ca 5a 81 ff e9 5f fd ff ff e8 50 83 29 ff 0f 0b e8 49 83 29 ff <0f> 0b e8 42 83 29 ff 0f 0b e8 3b 83 29 ff 0f 0b 66 0f 1f 84 00 00 [ 172.294773][ T7691] RSP: 0018:ffffc9000adff510 EFLAGS: 00010293 [ 172.301121][ T7691] RAX: ffffffff8261fc57 RBX: ffff888021dc1f80 RCX: ffff888027271dc0 [ 172.309313][ T7691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 172.317460][ T7691] RBP: 0000000000000000 R08: ffffffff8261f620 R09: ffffed10043b83f1 [ 172.325447][ T7691] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888021dc1f00 [ 172.333620][ T7691] R13: dffffc0000000000 R14: ffff88807a806000 R15: dffffc0000000000 [ 172.341829][ T7691] FS: 00007f546d302700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 172.351044][ T7691] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 172.357903][ T7691] CR2: 00007f5464f61718 CR3: 00000000146b6000 CR4: 00000000003506f0 [ 172.366090][ T7691] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 172.374075][ T7691] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 172.382406][ T7691] Kernel panic - not syncing: Fatal exception [ 172.388904][ T7691] Kernel Offset: disabled [ 172.393239][ T7691] Rebooting in 86400 seconds..