./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor902032954 <...> Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. execve("./syz-executor902032954", ["./syz-executor902032954"], 0x7ffdda9eed60 /* 10 vars */) = 0 brk(NULL) = 0x55555746c000 brk(0x55555746cd40) = 0x55555746cd40 arch_prctl(ARCH_SET_FS, 0x55555746c3c0) = 0 set_tid_address(0x55555746c690) = 5036 set_robust_list(0x55555746c6a0, 24) = 0 rseq(0x55555746cce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor902032954", 4096) = 27 getrandom("\x76\x93\xda\x6f\xb1\x0c\x7d\xfa", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555746cd40 brk(0x55555748dd40) = 0x55555748dd40 brk(0x55555748e000) = 0x55555748e000 mprotect(0x7f86d4322000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.G3ZAh2", 0700) = 0 chmod("./syzkaller.G3ZAh2", 0777) = 0 chdir("./syzkaller.G3ZAh2") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5037 ./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5037] chdir("./0") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5037] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5038] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5037] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] memfd_create("syzkaller", 0) = 3 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5038] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5038] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 syzkaller login: [ 72.145235][ T5038] syz-executor902[5038]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5038] close(3) = 0 [pid 5038] mkdir("./file2", 0777) = 0 [pid 5038] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5038] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5038] chdir("./file2") = 0 [pid 5038] ioctl(4, LOOP_CLR_FD) = 0 [pid 5038] close(4) = 0 [pid 5038] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5038] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... openat resumed>) = 4 [pid 5038] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5037] <... futex resumed>) = 0 [ 72.194677][ T5038] loop0: detected capacity change from 0 to 4096 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5037] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d41fc000 [pid 5037] mprotect(0x7f86d41fd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d421c990, parent_tid=0x7f86d421c990, exit_signal=0, stack=0x7f86d41fc000, stack_size=0x20300, tls=0x7f86d421c6c0} => {parent_tid=[5040]}, 88) = 5040 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5040 attached [pid 5040] rseq(0x7f86d421cfe0, 0x20, 0, 0x53053053) = 0 [pid 5040] set_robust_list(0x7f86d421c9a0, 24) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5038] <... write resumed>) = 1036288 [pid 5040] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5038] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5038] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5038] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5038] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5038] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] <... futex resumed>) = 0 [pid 5038] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5037] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... mmap resumed>) = 0x20000000 [pid 5038] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5038] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] exit_group(0 [pid 5040] <... futex resumed>) = ? [pid 5038] <... futex resumed>) = ? [pid 5037] <... exit_group resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5038] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5041] chdir("./1") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5041 [pid 5041] <... prctl resumed>) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5041] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5042 attached [pid 5042] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5042] set_robust_list(0x7f86d423d9a0, 24 [pid 5041] <... clone3 resumed> => {parent_tid=[5042]}, 88) = 5042 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5042] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./file2", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./file2") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... openat resumed>) = 4 [ 72.493230][ T5042] loop0: detected capacity change from 0 to 4096 [pid 5042] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5041] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5041] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d41fc000 [pid 5041] mprotect(0x7f86d41fd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5042] <... write resumed>) = 1036288 [pid 5041] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d421c990, parent_tid=0x7f86d421c990, exit_signal=0, stack=0x7f86d41fc000, stack_size=0x20300, tls=0x7f86d421c6c0}./strace-static-x86_64: Process 5043 attached => {parent_tid=[5043]}, 88) = 5043 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] rseq(0x7f86d421cfe0, 0x20, 0, 0x53053053) = 0 [pid 5041] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] set_robust_list(0x7f86d421c9a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5043] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5043] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5042] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5041] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... openat resumed>) = 5 [pid 5042] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... futex resumed>) = 0 [pid 5042] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5042] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... futex resumed>) = 0 [pid 5041] exit_group(0 [pid 5043] <... futex resumed>) = ? [pid 5042] <... futex resumed>) = ? [pid 5041] <... exit_group resumed>) = ? [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached , child_tidptr=0x55555746c690) = 5044 [pid 5044] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5044] chdir("./2") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5044] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5045]}, 88) = 5045 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5045 attached [pid 5045] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5045] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5045] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file2", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5045] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file2") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5045] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... openat resumed>) = 4 [pid 5045] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5044] <... futex resumed>) = 0 [ 72.768195][ T5045] loop0: detected capacity change from 0 to 4096 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d41fc000 [pid 5044] mprotect(0x7f86d41fd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d421c990, parent_tid=0x7f86d421c990, exit_signal=0, stack=0x7f86d41fc000, stack_size=0x20300, tls=0x7f86d421c6c0} => {parent_tid=[5046]}, 88) = 5046 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5046 attached [pid 5046] rseq(0x7f86d421cfe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7f86d421c9a0, 24) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5045] <... write resumed>) = 1036288 [pid 5045] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5046] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5046] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5045] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5045] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5045] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... mmap resumed>) = 0x20000000 [pid 5044] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] exit_group(0 [pid 5046] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5044] <... exit_group resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5047] chdir("./3") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs" [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5047 [pid 5047] <... symlink resumed>) = 0 [pid 5047] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5047] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5047] <... clone3 resumed> => {parent_tid=[5048]}, 88) = 5048 [pid 5048] set_robust_list(0x7f86d423d9a0, 24 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], [pid 5048] <... set_robust_list resumed>) = 0 [pid 5047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5048] memfd_create("syzkaller", 0) = 3 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5048] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./file2", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./file2") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5048] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.023249][ T5048] loop0: detected capacity change from 0 to 4096 [pid 5048] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5047] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5047] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d41fc000 [pid 5047] mprotect(0x7f86d41fd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d421c990, parent_tid=0x7f86d421c990, exit_signal=0, stack=0x7f86d41fc000, stack_size=0x20300, tls=0x7f86d421c6c0}./strace-static-x86_64: Process 5049 attached [pid 5049] rseq(0x7f86d421cfe0, 0x20, 0, 0x53053053) = 0 [pid 5049] set_robust_list(0x7f86d421c9a0, 24) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... clone3 resumed> => {parent_tid=[5049]}, 88) = 5049 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5047] <... futex resumed>) = 1 [pid 5047] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5049] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5049] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... openat resumed>) = 5 [pid 5049] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] <... futex resumed>) = 1 [pid 5047] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 28672 [pid 5049] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... write resumed>) = 1003520 [pid 5047] <... futex resumed>) = 0 [pid 5049] <... futex resumed>) = 1 [pid 5047] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.148874][ T5049] [ 73.151248][ T5049] ====================================================== [ 73.158282][ T5049] WARNING: possible circular locking dependency detected [ 73.165313][ T5049] 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 Not tainted [ 73.172346][ T5049] ------------------------------------------------------ [ 73.179370][ T5049] syz-executor902/5049 is trying to acquire lock: [ 73.185807][ T5049] ffff888076809070 (&ni->file.run_lock#3){++++}-{3:3}, at: attr_data_get_block+0x2e7/0x2da0 [ 73.195929][ T5049] [pid 5048] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 73.195929][ T5049] but task is already holding lock: [ 73.203288][ T5049] ffff88802adfb120 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17b/0x410 [ 73.212255][ T5049] [ 73.212255][ T5049] which lock already depends on the new lock. [ 73.212255][ T5049] [ 73.222656][ T5049] [ 73.222656][ T5049] the existing dependency chain (in reverse order) is: [ 73.231673][ T5049] [ 73.231673][ T5049] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 73.239259][ T5049] __might_fault+0xc1/0x120 [ 73.244306][ T5049] _copy_to_user+0x2a/0xa0 [ 73.249234][ T5049] fiemap_fill_next_extent+0x235/0x410 [ 73.255212][ T5049] ni_fiemap+0xa5e/0x1230 [ 73.260075][ T5049] ntfs_fiemap+0x132/0x180 [ 73.265039][ T5049] do_vfs_ioctl+0x19ea/0x2b40 [ 73.270248][ T5049] __se_sys_ioctl+0x81/0x170 [ 73.275357][ T5049] do_syscall_64+0x41/0xc0 [ 73.280293][ T5049] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.286709][ T5049] [ 73.286709][ T5049] -> #0 (&ni->file.run_lock#3){++++}-{3:3}: [ 73.294813][ T5049] __lock_acquire+0x39ff/0x7f70 [ 73.300212][ T5049] lock_acquire+0x1e3/0x520 [ 73.305235][ T5049] down_read+0xb1/0xa40 [ 73.310185][ T5049] attr_data_get_block+0x2e7/0x2da0 [ 73.317401][ T5049] ntfs_file_mmap+0x453/0x7a0 [ 73.322605][ T5049] mmap_region+0xfd0/0x2280 [ 73.328243][ T5049] do_mmap+0x8d3/0xfa0 [ 73.332884][ T5049] vm_mmap_pgoff+0x1dc/0x410 [ 73.342248][ T5049] ksys_mmap_pgoff+0x4ff/0x6d0 [ 73.349268][ T5049] do_syscall_64+0x41/0xc0 [ 73.354206][ T5049] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.360622][ T5049] [ 73.360622][ T5049] other info that might help us debug this: [ 73.360622][ T5049] [ 73.370833][ T5049] Possible unsafe locking scenario: [ 73.370833][ T5049] [ 73.378264][ T5049] CPU0 CPU1 [ 73.383652][ T5049] ---- ---- [ 73.389001][ T5049] lock(&mm->mmap_lock); [ 73.393317][ T5049] lock(&ni->file.run_lock#3); [ 73.400680][ T5049] lock(&mm->mmap_lock); [ 73.407516][ T5049] rlock(&ni->file.run_lock#3); [ 73.412444][ T5049] [ 73.412444][ T5049] *** DEADLOCK *** [ 73.412444][ T5049] [ 73.420570][ T5049] 1 lock held by syz-executor902/5049: [ 73.426015][ T5049] #0: ffff88802adfb120 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17b/0x410 [ 73.435415][ T5049] [ 73.435415][ T5049] stack backtrace: [ 73.441291][ T5049] CPU: 0 PID: 5049 Comm: syz-executor902 Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 73.451774][ T5049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 73.461819][ T5049] Call Trace: [ 73.465093][ T5049] [ 73.468019][ T5049] dump_stack_lvl+0x1e7/0x2d0 [ 73.472695][ T5049] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.478157][ T5049] ? print_circular_bug+0x12b/0x1a0 [ 73.483353][ T5049] check_noncircular+0x375/0x4a0 [ 73.488290][ T5049] ? print_deadlock_bug+0x600/0x600 [ 73.493486][ T5049] ? lockdep_lock+0x123/0x2b0 [ 73.498155][ T5049] ? __lock_acquire+0x1267/0x7f70 [ 73.503184][ T5049] ? mark_lock+0x9a/0x340 [ 73.507511][ T5049] ? _find_first_zero_bit+0xd4/0x100 [ 73.512799][ T5049] __lock_acquire+0x39ff/0x7f70 [ 73.517646][ T5049] ? is_bpf_text_address+0x28d/0x2a0 [ 73.522928][ T5049] ? stack_trace_save+0x1c0/0x1c0 [ 73.527965][ T5049] ? verify_lock_unused+0x140/0x140 [ 73.533152][ T5049] ? __kernel_text_address+0xd/0x40 [ 73.538346][ T5049] ? unwind_get_return_address+0x91/0xc0 [ 73.543979][ T5049] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.550046][ T5049] ? arch_stack_walk+0x162/0x1a0 [ 73.555013][ T5049] lock_acquire+0x1e3/0x520 [ 73.559514][ T5049] ? attr_data_get_block+0x2e7/0x2da0 [ 73.564908][ T5049] ? read_lock_is_recursive+0x20/0x20 [ 73.570274][ T5049] ? __might_sleep+0xc0/0xc0 [ 73.574859][ T5049] ? is_bpf_text_address+0x26/0x2a0 [ 73.580052][ T5049] ? is_bpf_text_address+0x28d/0x2a0 [ 73.585346][ T5049] ? is_bpf_text_address+0x26/0x2a0 [ 73.590542][ T5049] down_read+0xb1/0xa40 [ 73.594696][ T5049] ? attr_data_get_block+0x2e7/0x2da0 [ 73.600062][ T5049] ? arch_stack_walk+0x162/0x1a0 [ 73.604993][ T5049] ? __down_common+0x7a0/0x7a0 [ 73.609766][ T5049] ? stack_trace_save+0x117/0x1c0 [ 73.614780][ T5049] ? verify_lock_unused+0x140/0x140 [ 73.619966][ T5049] ? stack_trace_snprint+0xf0/0xf0 [ 73.625162][ T5049] attr_data_get_block+0x2e7/0x2da0 [ 73.630380][ T5049] ? __kasan_slab_alloc+0x66/0x70 [ 73.635410][ T5049] ? slab_post_alloc_hook+0x67/0x3d0 [ 73.640688][ T5049] ? ksys_mmap_pgoff+0x4ff/0x6d0 [ 73.645614][ T5049] ? do_syscall_64+0x41/0xc0 [ 73.650293][ T5049] ? get_pre_allocated+0x130/0x130 [ 73.655414][ T5049] ? __asan_memset+0x23/0x40 [ 73.659996][ T5049] ? lockdep_init_map_type+0xa1/0x910 [ 73.665363][ T5049] ntfs_file_mmap+0x453/0x7a0 [ 73.670033][ T5049] ? lockdep_softirqs_off+0x420/0x420 [ 73.675400][ T5049] ? ntfs_compat_ioctl+0x30/0x30 [ 73.680330][ T5049] ? vma_iter_config+0xe7/0x280 [ 73.685172][ T5049] mmap_region+0xfd0/0x2280 [ 73.689667][ T5049] ? verify_lock_unused+0x140/0x140 [ 73.694857][ T5049] ? file_mmap_ok+0x150/0x150 [ 73.699523][ T5049] ? cap_mmap_addr+0x162/0x2c0 [ 73.704299][ T5049] do_mmap+0x8d3/0xfa0 [ 73.708361][ T5049] ? mlock_future_ok+0x100/0x100 [ 73.713286][ T5049] ? ima_file_free+0x4b0/0x4b0 [ 73.718067][ T5049] vm_mmap_pgoff+0x1dc/0x410 [ 73.722647][ T5049] ? account_locked_vm+0x220/0x220 [ 73.727749][ T5049] ? __fget_files+0x435/0x4a0 [ 73.732414][ T5049] ? __fget_files+0x28/0x4a0 [ 73.736998][ T5049] ksys_mmap_pgoff+0x4ff/0x6d0 [ 73.741754][ T5049] do_syscall_64+0x41/0xc0 [ 73.746184][ T5049] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.752082][ T5049] RIP: 0033:0x7f86d4280c59 [ 73.756486][ T5049] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 73.776099][ T5049] RSP: 002b:00007f86d421c208 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 73.784525][ T5049] RAX: ffffffffffffffda RBX: 00007f86d43286d8 RCX: 00007f86d4280c59 [pid 5047] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... mmap resumed>) = 0x20000000 [pid 5049] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] exit_group(0) = ? [pid 5048] <... futex resumed>) = ? [pid 5048] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 73.795400][ T5049] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 73.803480][ T5049] RBP: 00007f86d43286d0 R08: 0000000000000005 R09: 0000000000000000 [ 73.811510][ T5049] R10: 0000000000028011 R11: 0000000000000246 R12: 00007f86d42f49f8 [ 73.819569][ T5049] R13: 00007f86d42d506b R14: bcaefabb4aa2fce3 R15: 0032656c69662f2e [ 73.827548][ T5049] rmdir("./3/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5050 attached , child_tidptr=0x55555746c690) = 5050 [pid 5050] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5050] chdir("./4") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5050] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5051 attached [pid 5051] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5050] <... clone3 resumed> => {parent_tid=[5051]}, 88) = 5051 [pid 5051] <... rseq resumed>) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] set_robust_list(0x7f86d423d9a0, 24 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] <... set_robust_list resumed>) = 0 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] <... futex resumed>) = 0 [pid 5051] memfd_create("syzkaller", 0 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5051] <... memfd_create resumed>) = 3 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5051] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5051] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./file2", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5051] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5051] chdir("./file2") = 0 [pid 5051] ioctl(4, LOOP_CLR_FD) = 0 [pid 5051] close(4) = 0 [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.943416][ T5051] loop0: detected capacity change from 0 to 4096 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... write resumed>) = 1036288 [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5050] <... futex resumed>) = 0 [pid 5051] <... mmap resumed>) = 0x20000000 [pid 5050] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] exit_group(0) = ? [pid 5051] <... futex resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5052 attached , child_tidptr=0x55555746c690) = 5052 [pid 5052] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5052] chdir("./5") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5052] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5053 attached => {parent_tid=[5053]}, 88) = 5053 [pid 5053] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] <... rseq resumed>) = 0 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] set_robust_list(0x7f86d423d9a0, 24 [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... set_robust_list resumed>) = 0 [pid 5052] <... futex resumed>) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5053] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5053] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./file2", 0777) = 0 [pid 5053] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5053] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./file2") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 0 [pid 5053] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 74.155151][ T5053] loop0: detected capacity change from 0 to 4096 [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... write resumed>) = 1036288 [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5053] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5052] <... futex resumed>) = 0 [pid 5053] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5053] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5053] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5052] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... mmap resumed>) = 0x20000000 [pid 5053] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] exit_group(0) = ? [pid 5053] <... futex resumed>) = ? [pid 5053] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5054] chdir("./6") = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5054] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5055 attached => {parent_tid=[5055]}, 88) = 5055 [pid 5055] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] <... rseq resumed>) = 0 [pid 5054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] memfd_create("syzkaller", 0 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5055] <... memfd_create resumed>) = 3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5055] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5055] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5055] close(3) = 0 [pid 5055] mkdir("./file2", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5055] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5055] chdir("./file2") = 0 [pid 5055] ioctl(4, LOOP_CLR_FD) = 0 [pid 5055] close(4) = 0 [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... openat resumed>) = 4 [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 5055] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 74.355274][ T5055] loop0: detected capacity change from 0 to 4096 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... write resumed>) = 1036288 [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... openat resumed>) = 5 [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5055] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5054] exit_group(0) = ? [pid 5055] <... futex resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5056 ./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5056] chdir("./7") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5056] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5057 attached [pid 5057] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5056] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5057] <... rseq resumed>) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] set_robust_list(0x7f86d423d9a0, 24 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] <... set_robust_list resumed>) = 0 [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] <... futex resumed>) = 0 [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5057] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5057] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./file2", 0777) = 0 [pid 5057] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5057] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./file2") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [ 74.534279][ T5057] loop0: detected capacity change from 0 to 4096 [pid 5057] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 0 [pid 5057] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5056] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... mmap resumed>) = 0x20000000 [pid 5057] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] exit_group(0) = ? [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5058] chdir("./8") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5058 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5058] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5059 attached => {parent_tid=[5059]}, 88) = 5059 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5059] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5059] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5059] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5059] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] mkdir("./file2", 0777) = 0 [pid 5059] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5059] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] chdir("./file2") = 0 [pid 5059] ioctl(4, LOOP_CLR_FD) = 0 [pid 5059] close(4) = 0 [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5058] <... futex resumed>) = 1 [pid 5059] <... openat resumed>) = 4 [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5058] <... futex resumed>) = 1 [ 74.731086][ T5059] loop0: detected capacity change from 0 to 4096 [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... write resumed>) = 1036288 [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... futex resumed>) = 1 [pid 5059] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... openat resumed>) = 5 [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5059] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5059] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] exit_group(0 [pid 5059] <... futex resumed>) = ? [pid 5058] <... exit_group resumed>) = ? [pid 5059] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached , child_tidptr=0x55555746c690) = 5060 [pid 5060] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5060] chdir("./9") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5060] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5061 attached => {parent_tid=[5061]}, 88) = 5061 [pid 5061] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] set_robust_list(0x7f86d423d9a0, 24 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] <... set_robust_list resumed>) = 0 [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] <... futex resumed>) = 0 [pid 5061] memfd_create("syzkaller", 0 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5061] <... memfd_create resumed>) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5061] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5061] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5061] close(3) = 0 [pid 5061] mkdir("./file2", 0777) = 0 [pid 5061] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5061] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5061] chdir("./file2") = 0 [pid 5061] ioctl(4, LOOP_CLR_FD) = 0 [pid 5061] close(4) = 0 [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5061] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... futex resumed>) = 0 [pid 5061] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... openat resumed>) = 4 [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5061] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.921126][ T5061] loop0: detected capacity change from 0 to 4096 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... write resumed>) = 1036288 [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5061] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... futex resumed>) = 0 [pid 5061] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5061] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5060] <... futex resumed>) = 0 [pid 5061] <... mmap resumed>) = 0x20000000 [pid 5060] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] exit_group(0) = ? [pid 5061] <... futex resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached , child_tidptr=0x55555746c690) = 5062 [pid 5062] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5062] chdir("./10") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5062] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5063 attached => {parent_tid=[5063]}, 88) = 5063 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] <... rseq resumed>) = 0 [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] set_robust_list(0x7f86d423d9a0, 24 [pid 5062] <... futex resumed>) = 0 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5063] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file2", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file2") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 4 [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5063] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 75.104538][ T5063] loop0: detected capacity change from 0 to 4096 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... write resumed>) = 1036288 [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 5 [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5063] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] exit_group(0 [pid 5063] <... futex resumed>) = ? [pid 5062] <... exit_group resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5064] chdir("./11") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5064] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5065]}, 88) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5065] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5065] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file2", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5065] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file2") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... openat resumed>) = 4 [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [ 75.280387][ T5065] loop0: detected capacity change from 0 to 4096 [pid 5065] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... openat resumed>) = 5 [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5065] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5064] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... mmap resumed>) = 0x20000000 [pid 5065] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5065] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] exit_group(0 [pid 5065] <... futex resumed>) = ? [pid 5064] <... exit_group resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5066] chdir("./12") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5066] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5066] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5067] <... rseq resumed>) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] set_robust_list(0x7f86d423d9a0, 24 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... futex resumed>) = 0 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5067] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5067] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file2", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5067] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file2") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5066] <... futex resumed>) = 0 [ 75.495170][ T5067] loop0: detected capacity change from 0 to 4096 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... write resumed>) = 1036288 [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5067] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... openat resumed>) = 5 [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5067] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5067] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5066] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... mmap resumed>) = 0x20000000 [pid 5067] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5068] chdir("./13") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5068] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5069 attached => {parent_tid=[5069]}, 88) = 5069 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... rseq resumed>) = 0 [pid 5069] set_robust_list(0x7f86d423d9a0, 24 [pid 5068] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... set_robust_list resumed>) = 0 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5069] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5069] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file2", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5069] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file2") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 75.709472][ T5069] loop0: detected capacity change from 0 to 4096 [pid 5068] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5068] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d41fc000 [pid 5068] mprotect(0x7f86d41fd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] <... write resumed>) = 1036288 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5069] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d421c990, parent_tid=0x7f86d421c990, exit_signal=0, stack=0x7f86d41fc000, stack_size=0x20300, tls=0x7f86d421c6c0}./strace-static-x86_64: Process 5070 attached [pid 5070] rseq(0x7f86d421cfe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7f86d421c9a0, 24) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... clone3 resumed> => {parent_tid=[5070]}, 88) = 5070 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5070] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5068] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5070] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5068] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5069] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5068] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5069] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5068] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... mmap resumed>) = 0x20000000 [pid 5069] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] exit_group(0 [pid 5069] <... futex resumed>) = ? [pid 5070] <... futex resumed>) = ? [pid 5068] <... exit_group resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x55555746c690) = 5071 [pid 5071] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5071] chdir("./14") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5071] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5072 attached => {parent_tid=[5072]}, 88) = 5072 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5072] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] memfd_create("syzkaller", 0) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5072] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5072] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file2", 0777) = 0 [pid 5072] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5072] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file2") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 4 [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.905210][ T5072] loop0: detected capacity change from 0 to 4096 [pid 5072] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5072] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5072] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 5 [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5072] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5072] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5071] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... mmap resumed>) = 0x20000000 [pid 5072] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] exit_group(0 [pid 5072] <... futex resumed>) = ? [pid 5071] <... exit_group resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5073] chdir("./15") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5073] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5074 attached => {parent_tid=[5074]}, 88) = 5074 [pid 5074] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5074] set_robust_list(0x7f86d423d9a0, 24 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] <... set_robust_list resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5074] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5074] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file2", 0777) = 0 [pid 5074] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5074] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file2") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.098873][ T5074] loop0: detected capacity change from 0 to 4096 [pid 5074] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... futex resumed>) = 1 [pid 5074] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... openat resumed>) = 5 [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... futex resumed>) = 0 [pid 5074] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... mmap resumed>) = 0x20000000 [pid 5074] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5073] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5075] chdir("./16") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5075] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5076 attached => {parent_tid=[5076]}, 88) = 5076 [pid 5076] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] set_robust_list(0x7f86d423d9a0, 24 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... futex resumed>) = 0 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5076] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file2", 0777) = 0 [pid 5076] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5076] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file2") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.297228][ T5076] loop0: detected capacity change from 0 to 4096 [pid 5076] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5076] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] exit_group(0) = ? [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x55555746c690) = 5077 [pid 5077] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5077] chdir("./17") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5077] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5078]}, 88) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] <... rseq resumed>) = 0 [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] set_robust_list(0x7f86d423d9a0, 24 [pid 5077] <... futex resumed>) = 0 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5078] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file2", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5078] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file2") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5078] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... openat resumed>) = 4 [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5077] <... futex resumed>) = 0 [ 76.489871][ T5078] loop0: detected capacity change from 0 to 4096 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... write resumed>) = 1036288 [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5078] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... openat resumed>) = 5 [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5078] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5078] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5077] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] exit_group(0) = ? [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5079] chdir("./18") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5079] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5080 attached [pid 5080] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5080] set_robust_list(0x7f86d423d9a0, 24 [pid 5079] <... clone3 resumed> => {parent_tid=[5080]}, 88) = 5080 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5080] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file2", 0777) = 0 [pid 5080] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5080] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file2") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5080] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 76.686631][ T5080] loop0: detected capacity change from 0 to 4096 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... write resumed>) = 1036288 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5080] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 1 [pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5080] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5079] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... mmap resumed>) = 0x20000000 [pid 5080] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5081] chdir("./19") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs" [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5081 [pid 5081] <... symlink resumed>) = 0 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5081] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5082 attached [pid 5082] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5081] <... clone3 resumed> => {parent_tid=[5082]}, 88) = 5082 [pid 5082] <... rseq resumed>) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] set_robust_list(0x7f86d423d9a0, 24 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5082] memfd_create("syzkaller", 0 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... memfd_create resumed>) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5082] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5082] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file2", 0777) = 0 [pid 5082] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file2") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5082] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.908090][ T5082] loop0: detected capacity change from 0 to 4096 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... write resumed>) = 1036288 [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 5 [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = 0 [pid 5082] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = 0 [pid 5082] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5081] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... mmap resumed>) = 0x20000000 [pid 5082] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] exit_group(0) = ? [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x55555746c690) = 5083 [pid 5083] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5083] chdir("./20") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5083] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5084] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5084] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5084] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file2", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5084] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file2") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 4 [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 77.115076][ T5084] loop0: detected capacity change from 0 to 4096 [pid 5084] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5084] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0) = ? [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5085] chdir("./21") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5085] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5086]}, 88) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] <... rseq resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] set_robust_list(0x7f86d423d9a0, 24 [pid 5085] <... futex resumed>) = 0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5086] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file2", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5086] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file2") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 1 [pid 5086] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5085] <... futex resumed>) = 0 [ 77.299637][ T5086] loop0: detected capacity change from 0 to 4096 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... write resumed>) = 1036288 [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5086] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] exit_group(0) = ? [pid 5086] <... futex resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached , child_tidptr=0x55555746c690) = 5087 [pid 5087] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5087] chdir("./22") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5087] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5088] set_robust_list(0x7f86d423d9a0, 24 [pid 5087] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5088] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file2", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5088] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file2") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... openat resumed>) = 4 [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5087] <... futex resumed>) = 0 [ 77.483954][ T5088] loop0: detected capacity change from 0 to 4096 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... write resumed>) = 1036288 [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] <... futex resumed>) = 0 [pid 5088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... openat resumed>) = 5 [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5088] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5088] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5089] chdir("./23") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5089] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5089] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] <... rseq resumed>) = 0 [pid 5090] set_robust_list(0x7f86d423d9a0, 24 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... set_robust_list resumed>) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] memfd_create("syzkaller", 0 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] <... memfd_create resumed>) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5090] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file2", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5090] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file2") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5089] <... futex resumed>) = 0 [ 77.709810][ T5090] loop0: detected capacity change from 0 to 4096 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... write resumed>) = 1036288 [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... openat resumed>) = 5 [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = 0 [pid 5090] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5089] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... mmap resumed>) = 0x20000000 [pid 5090] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0) = ? [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x55555746c690) = 5091 [pid 5091] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5091] chdir("./24") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5091] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5092] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5092] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5092] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./file2", 0777) = 0 [pid 5092] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5092] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file2") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... openat resumed>) = 4 [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.917789][ T5092] loop0: detected capacity change from 0 to 4096 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... write resumed>) = 1036288 [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5091] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... mmap resumed>) = 0x20000000 [pid 5092] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5091] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5093] chdir("./25") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5093] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5094]}, 88) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] <... rseq resumed>) = 0 [pid 5094] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file2", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5094] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file2") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.095448][ T5094] loop0: detected capacity change from 0 to 4096 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... write resumed>) = 1036288 [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5094] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] exit_group(0) = ? [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5095] chdir("./26") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5095 [pid 5095] <... prctl resumed>) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5095] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5096]}, 88) = 5096 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5096] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5096] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file2", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5096] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file2") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 4 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5095] <... futex resumed>) = 0 [ 78.288195][ T5096] loop0: detected capacity change from 0 to 4096 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... write resumed>) = 1036288 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 5 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5095] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5096] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5095] exit_group(0) = ? [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached , child_tidptr=0x55555746c690) = 5097 [pid 5097] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5097] chdir("./27") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5097] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5097] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5098] <... rseq resumed>) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] set_robust_list(0x7f86d423d9a0, 24 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] <... futex resumed>) = 0 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5098] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5098] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] mkdir("./file2", 0777) = 0 [pid 5098] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5098] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file2") = 0 [pid 5098] ioctl(4, LOOP_CLR_FD) = 0 [pid 5098] close(4) = 0 [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = 1 [pid 5098] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 78.497686][ T5098] loop0: detected capacity change from 0 to 4096 [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... write resumed>) = 1036288 [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = 1 [pid 5098] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5097] <... futex resumed>) = 0 [pid 5098] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5097] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5097] exit_group(0) = ? [pid 5098] <... futex resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5099] chdir("./28") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5099] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5100]}, 88) = 5100 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5100] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5100] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file2", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5100] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file2") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5100] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 4 [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [ 78.676895][ T5100] loop0: detected capacity change from 0 to 4096 [pid 5100] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 5 [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5100] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5099] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... mmap resumed>) = 0x20000000 [pid 5100] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] exit_group(0 [pid 5100] <... futex resumed>) = ? [pid 5099] <... exit_group resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5101] chdir("./29") = 0 [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5101 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5101] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5102]}, 88) = 5102 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5102 attached [pid 5102] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] <... rseq resumed>) = 0 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5102] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file2", 0777) = 0 [pid 5102] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file2") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 0 [pid 5102] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.873777][ T5102] loop0: detected capacity change from 0 to 4096 [pid 5102] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... openat resumed>) = 5 [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5102] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5103] chdir("./30") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5103] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5104 attached => {parent_tid=[5104]}, 88) = 5104 [pid 5104] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5104] set_robust_list(0x7f86d423d9a0, 24 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] <... set_robust_list resumed>) = 0 [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5104] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5104] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] mkdir("./file2", 0777) = 0 [pid 5104] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5104] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./file2") = 0 [pid 5104] ioctl(4, LOOP_CLR_FD) = 0 [pid 5104] close(4) = 0 [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... openat resumed>) = 4 [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5103] <... futex resumed>) = 0 [ 79.088945][ T5104] loop0: detected capacity change from 0 to 4096 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... write resumed>) = 1036288 [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5104] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5104] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... openat resumed>) = 5 [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5104] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x55555746c690) = 5105 [pid 5105] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5105] chdir("./31") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5105] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5106]}, 88) = 5106 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5106] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5106] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file2", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5106] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file2") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... openat resumed>) = 4 [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5105] <... futex resumed>) = 0 [ 79.276066][ T5106] loop0: detected capacity change from 0 to 4096 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... write resumed>) = 1036288 [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5106] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5106] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5105] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... mmap resumed>) = 0x20000000 [pid 5106] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] exit_group(0) = ? [pid 5106] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5107] chdir("./32" [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5107 [pid 5107] <... chdir resumed>) = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5107] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5107] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... rseq resumed>) = 0 [pid 5108] set_robust_list(0x7f86d423d9a0, 24 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5108] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file2", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5108] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file2") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 79.460109][ T5108] loop0: detected capacity change from 0 to 4096 [pid 5108] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5107] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5108] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = 0 [pid 5107] exit_group(0) = ? [pid 5108] <... futex resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5109] chdir("./33") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5109] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5110 attached [pid 5110] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5109] <... clone3 resumed> => {parent_tid=[5110]}, 88) = 5110 [pid 5110] <... rseq resumed>) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] set_robust_list(0x7f86d423d9a0, 24 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] <... set_robust_list resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] memfd_create("syzkaller", 0 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5110] <... memfd_create resumed>) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5110] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5110] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file2", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5110] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file2") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [pid 5110] close(4) = 0 [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5110] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... openat resumed>) = 4 [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] <... futex resumed>) = 0 [pid 5110] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 79.659974][ T5110] loop0: detected capacity change from 0 to 4096 [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... write resumed>) = 1036288 [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... openat resumed>) = 5 [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5109] <... futex resumed>) = 0 [pid 5110] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5110] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] exit_group(0) = ? [pid 5110] <... futex resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x55555746c690) = 5111 [pid 5111] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5111] chdir("./34") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5111] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5112 attached => {parent_tid=[5112]}, 88) = 5112 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5112] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5112] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5112] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file2", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file2") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... openat resumed>) = 4 [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5111] <... futex resumed>) = 0 [ 79.862692][ T5112] loop0: detected capacity change from 0 to 4096 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... write resumed>) = 1036288 [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5112] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... openat resumed>) = 5 [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5112] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... mmap resumed>) = 0x20000000 [pid 5112] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5111] exit_group(0 [pid 5112] ???( [pid 5111] <... exit_group resumed>) = ? [pid 5112] <... ??? resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x55555746c690) = 5113 [pid 5113] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5113] chdir("./35") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5113] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5114 attached [pid 5114] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f86d423d9a0, 24 [pid 5113] <... clone3 resumed> => {parent_tid=[5114]}, 88) = 5114 [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] memfd_create("syzkaller", 0 [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] <... memfd_create resumed>) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file2", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5114] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file2") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... openat resumed>) = 4 [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5113] <... futex resumed>) = 0 [ 80.058936][ T5114] loop0: detected capacity change from 0 to 4096 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... write resumed>) = 1036288 [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5114] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5114] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5114] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5113] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... mmap resumed>) = 0x20000000 [pid 5114] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0 [pid 5114] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5115 [pid 5115] chdir("./36") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5115] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5116] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... clone3 resumed> => {parent_tid=[5116]}, 88) = 5116 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] memfd_create("syzkaller", 0 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] <... memfd_create resumed>) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5116] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5116] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file2", 0777) = 0 [pid 5116] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5116] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file2") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... openat resumed>) = 4 [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] <... futex resumed>) = 0 [pid 5116] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 80.242184][ T5116] loop0: detected capacity change from 0 to 4096 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... write resumed>) = 1036288 [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5116] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5115] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... mmap resumed>) = 0x20000000 [pid 5116] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5115] exit_group(0) = ? [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x55555746c690) = 5117 [pid 5117] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5117] chdir("./37") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5117] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5118]}, 88) = 5118 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5118] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5118] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5118] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file2", 0777) = 0 [pid 5118] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5118] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file2") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5118] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 4 [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5118] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 80.427201][ T5118] loop0: detected capacity change from 0 to 4096 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... write resumed>) = 1036288 [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 5 [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] <... futex resumed>) = 0 [pid 5117] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... mmap resumed>) = 0x20000000 [pid 5117] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] exit_group(0 [pid 5118] <... futex resumed>) = ? [pid 5117] <... exit_group resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5119] chdir("./38") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5119] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5120 attached => {parent_tid=[5120]}, 88) = 5120 [pid 5120] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] <... rseq resumed>) = 0 [pid 5120] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5120] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file2", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5120] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file2") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... openat resumed>) = 4 [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 80.632829][ T5120] loop0: detected capacity change from 0 to 4096 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... write resumed>) = 1036288 [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... openat resumed>) = 5 [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5119] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5120] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0) = ? [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached , child_tidptr=0x55555746c690) = 5121 [pid 5121] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5121] chdir("./39") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5121] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5122]}, 88) = 5122 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5122 attached [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5122] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5122] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5122] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file2", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5122] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file2") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5122] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 80.833766][ T5122] loop0: detected capacity change from 0 to 4096 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... write resumed>) = 1036288 [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5122] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached , child_tidptr=0x55555746c690) = 5123 [pid 5123] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5123] chdir("./40") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5123] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5124 attached => {parent_tid=[5124]}, 88) = 5124 [pid 5124] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] <... rseq resumed>) = 0 [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] set_robust_list(0x7f86d423d9a0, 24 [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5123] <... futex resumed>) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5124] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5124] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file2", 0777) = 0 [pid 5124] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5124] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file2") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... openat resumed>) = 4 [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5123] <... futex resumed>) = 0 [ 81.014737][ T5124] loop0: detected capacity change from 0 to 4096 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... write resumed>) = 1036288 [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5124] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5124] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... openat resumed>) = 5 [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5124] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] exit_group(0) = ? [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x55555746c690) = 5125 [pid 5125] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5125] chdir("./41") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5125] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5126 attached [pid 5126] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5125] <... clone3 resumed> => {parent_tid=[5126]}, 88) = 5126 [pid 5126] <... rseq resumed>) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] set_robust_list(0x7f86d423d9a0, 24 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] <... futex resumed>) = 0 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5126] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file2", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file2") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.187955][ T5126] loop0: detected capacity change from 0 to 4096 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... write resumed>) = 1036288 [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 5 [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5126] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] exit_group(0) = ? [pid 5126] <... futex resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5127 ./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5127] chdir("./42") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5127] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5128]}, 88) = 5128 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5128 attached [pid 5128] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5128] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5128] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5128] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5128] close(3) = 0 [pid 5128] mkdir("./file2", 0777) = 0 [pid 5128] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5128] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5128] chdir("./file2") = 0 [pid 5128] ioctl(4, LOOP_CLR_FD) = 0 [pid 5128] close(4) = 0 [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... futex resumed>) = 0 [pid 5128] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 81.389079][ T5128] loop0: detected capacity change from 0 to 4096 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... write resumed>) = 1036288 [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... openat resumed>) = 5 [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... mmap resumed>) = 0x20000000 [pid 5128] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5127] exit_group(0 [pid 5128] ???( [pid 5127] <... exit_group resumed>) = ? [pid 5128] <... ??? resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x55555746c690) = 5129 [pid 5129] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5129] chdir("./43") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5129] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5129] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] <... rseq resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] set_robust_list(0x7f86d423d9a0, 24 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5129] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... futex resumed>) = 0 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5130] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5130] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./file2", 0777) = 0 [pid 5130] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5130] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file2") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5130] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5129] <... futex resumed>) = 0 [ 81.568777][ T5130] loop0: detected capacity change from 0 to 4096 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5129] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d41fc000 [pid 5129] mprotect(0x7f86d41fd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d421c990, parent_tid=0x7f86d421c990, exit_signal=0, stack=0x7f86d41fc000, stack_size=0x20300, tls=0x7f86d421c6c0}./strace-static-x86_64: Process 5131 attached => {parent_tid=[5131]}, 88) = 5131 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5129] futex(0x7f86d43286d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f86d43286dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... write resumed>) = 1036288 [pid 5131] rseq(0x7f86d421cfe0, 0x20, 0, 0x53053053 [pid 5130] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... rseq resumed>) = 0 [pid 5130] <... futex resumed>) = 0 [pid 5131] set_robust_list(0x7f86d421c9a0, 24 [pid 5130] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... set_robust_list resumed>) = 0 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5131] futex(0x7f86d43286dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] futex(0x7f86d43286d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 0 [pid 5130] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5130] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5130] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5130] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] exit_group(0 [pid 5131] <... futex resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5130] <... futex resumed>) = ? [pid 5129] <... exit_group resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5132] chdir("./44") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5132] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5133]}, 88) = 5133 ./strace-static-x86_64: Process 5133 attached [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] set_robust_list(0x7f86d423d9a0, 24 [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5132] <... futex resumed>) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5133] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5133] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./file2", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5133] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file2") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... openat resumed>) = 4 [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... futex resumed>) = 0 [ 81.830422][ T5133] loop0: detected capacity change from 0 to 4096 [pid 5133] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... openat resumed>) = 5 [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5133] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5132] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... mmap resumed>) = 0x20000000 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5132] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5134] chdir("./45") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5134] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5135]}, 88) = 5135 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5135 attached [pid 5135] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5135] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5135] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file2", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file2") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 4 [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 82.001888][ T5135] loop0: detected capacity change from 0 to 4096 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... write resumed>) = 1036288 [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 5 [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5134] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5135] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746c690) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5136] chdir("./46") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5136] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5137 attached => {parent_tid=[5137]}, 88) = 5137 [pid 5137] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] <... rseq resumed>) = 0 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5137] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5137] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5137] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./file2", 0777) = 0 [pid 5137] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5137] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file2") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... openat resumed>) = 4 [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5137] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.215741][ T5137] loop0: detected capacity change from 0 to 4096 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... write resumed>) = 1036288 [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5137] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] <... openat resumed>) = 5 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5137] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] <... futex resumed>) = 0 [pid 5137] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5137] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... mmap resumed>) = 0x20000000 [pid 5137] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5136] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached , child_tidptr=0x55555746c690) = 5138 [pid 5138] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5138] chdir("./47") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5138] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5139 attached => {parent_tid=[5139]}, 88) = 5139 [pid 5139] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] set_robust_list(0x7f86d423d9a0, 24 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] <... futex resumed>) = 0 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5139] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5139] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./file2", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5139] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file2") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.411300][ T5139] loop0: detected capacity change from 0 to 4096 [pid 5139] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651) = 1036288 [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... openat resumed>) = 5 [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5139] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5139] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5138] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... mmap resumed>) = 0x20000000 [pid 5139] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0) = ? [pid 5139] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached , child_tidptr=0x55555746c690) = 5140 [pid 5140] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5140] chdir("./48") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5140] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0}./strace-static-x86_64: Process 5141 attached => {parent_tid=[5141]}, 88) = 5141 [pid 5141] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] <... rseq resumed>) = 0 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] set_robust_list(0x7f86d423d9a0, 24 [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... set_robust_list resumed>) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5141] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file2", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5141] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file2") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.614415][ T5141] loop0: detected capacity change from 0 to 4096 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... write resumed>) = 1036288 [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 5 [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 1 [pid 5141] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] <... mmap resumed>) = 0x20000000 [pid 5140] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] exit_group(0) = ? [pid 5141] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5142 attached , child_tidptr=0x55555746c690) = 5142 [pid 5142] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5142] chdir("./49") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5142] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5143]}, 88) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] <... rseq resumed>) = 0 [pid 5143] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] <... futex resumed>) = 0 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5143] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5143] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file2", 0777) = 0 [pid 5143] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5143] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file2") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5143] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... openat resumed>) = 4 [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [pid 5142] <... futex resumed>) = 0 [ 82.790814][ T5143] loop0: detected capacity change from 0 to 4096 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... write resumed>) = 1036288 [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5143] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5143] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... openat resumed>) = 5 [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 ENOSPC (No space left on device) [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 5142] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... mmap resumed>) = 0x20000000 [pid 5143] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5143] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5142] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5144] chdir("./50") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0 [pid 5036] <... clone resumed>, child_tidptr=0x55555746c690) = 5144 [pid 5144] <... setpgid resumed>) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5144] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5145]}, 88) = 5145 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053) = 0 [pid 5145] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5145] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5145] munmap(0x7f86cbe1d000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file2", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5145] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file2") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... openat resumed>) = 4 [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] write(4, "\x9d\x77\x20\xf8\x4b\x6b\x8e\x0b\x66\xbe\xa3\x81\x70\xc0\x17\xc5\x0a\xe4\x3d\xe5\xe7\xd4\x05\x65\xab\xb2\x88\x59\xb3\xd2\x58\x27\xd7\x5d\x36\xe5\x2b\xea\x4b\x00\x69\x73\xa7\x21\xeb\x5a\xb1\x99\x19\xed\x30\x96\x64\x50\x77\x99\x3d\x80\x02\x56\x6a\xde\x5a\x58\xe4\x92\x99\x86\x12\xf4\xf1\xd2\xea\xa0\x1b\xf8\xef\x26\x01\x81\x5c\x59\xc4\x94\xf0\x1d\x00\xd7\xf7\xdb\xf5\x7c\x54\xb7\x2a\x8f\x62\x56\x99\x6f"..., 34136651 [ 83.006940][ T5145] loop0: detected capacity change from 0 to 4096 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... write resumed>) = 1036288 [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] ioctl(4, FS_IOC_FIEMAP, {fm_start=0, fm_length=4, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=2} [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed> => {fm_flags=FIEMAP_FLAG_SYNC, fm_mapped_extents=1, ...}) = 0 [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5145] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 5144] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f86d43286c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555746d730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557475770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557475770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x55555746d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x55555746c690) = 5146 [pid 5146] set_robust_list(0x55555746c6a0, 24) = 0 [pid 5146] chdir("./51") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f86d43286cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f86d42a7070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f86d4298220}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86d421d000 [pid 5146] mprotect(0x7f86d421e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f86d423d990, parent_tid=0x7f86d423d990, exit_signal=0, stack=0x7f86d421d000, stack_size=0x20300, tls=0x7f86d423d6c0} => {parent_tid=[5147]}, 88) = 5147 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f86d423dfe0, 0x20, 0, 0x53053053 [pid 5146] futex(0x7f86d43286c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f86d43286cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] <... rseq resumed>) = 0 [pid 5147] set_robust_list(0x7f86d423d9a0, 24) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86cbe1d000 [pid 5147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152