./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3413839177 <...> Warning: Permanently added '10.128.15.200' (ED25519) to the list of known hosts. execve("./syz-executor3413839177", ["./syz-executor3413839177"], 0x7ffc45048170 /* 10 vars */) = 0 brk(NULL) = 0x555556802000 brk(0x555556802d40) = 0x555556802d40 arch_prctl(ARCH_SET_FS, 0x5555568023c0) = 0 set_tid_address(0x555556802690) = 5036 set_robust_list(0x5555568026a0, 24) = 0 rseq(0x555556802ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3413839177", 4096) = 28 getrandom("\x52\x49\xa4\x4f\x41\x7c\x59\x86", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556802d40 brk(0x555556823d40) = 0x555556823d40 brk(0x555556824000) = 0x555556824000 mprotect(0x7ff0e3b44000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.M9rI47", 0700) = 0 chmod("./syzkaller.M9rI47", 0777) = 0 chdir("./syzkaller.M9rI47") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5037 attached , child_tidptr=0x555556802690) = 5037 [pid 5037] set_robust_list(0x5555568026a0, 24) = 0 [pid 5037] chdir("./0") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5037] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5039 attached => {parent_tid=[5039]}, 88) = 5039 [pid 5039] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] <... rseq resumed>) = 0 [pid 5039] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] memfd_create("syzkaller", 0) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5039] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5039] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./file0", 0777) = 0 [pid 5039] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5039] chdir("./file0") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5039] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5037] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5037] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5037] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5037] <... futex resumed>) = 0 [pid 5039] <... open resumed>) = 4 [pid 5037] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5039] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5037] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5037] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5039] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5039] <... futex resumed>) = 0 [pid 5037] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5040 attached [pid 5040] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5037] <... clone3 resumed> => {parent_tid=[5040]}, 88) = 5040 [pid 5040] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] <... set_robust_list resumed>) = 0 [pid 5039] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] <... futex resumed>) = 0 [pid 5040] creat("./file1", 000 [pid 5037] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... creat resumed>) = 5 [pid 5040] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5039] write(5, "#! ./bus\n", 9 [pid 5037] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5039] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] exit_group(0) = ? [pid 5040] <... futex resumed>) = ? [pid 5039] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 54.104068][ T5039] syz-executor341[5039]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 54.123919][ T5039] loop0: detected capacity change from 0 to 64 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5041 ./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x5555568026a0, 24) = 0 [pid 5041] chdir("./1") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5041] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5042 attached => {parent_tid=[5042]}, 88) = 5042 [pid 5042] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] <... rseq resumed>) = 0 [pid 5042] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5041] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5041] <... futex resumed>) = 0 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5041] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5042] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5042] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./file0", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./file0") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] <... futex resumed>) = 0 [pid 5042] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5041] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5042] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5042] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5041] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5043 attached => {parent_tid=[5043]}, 88) = 5043 [pid 5043] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] <... rseq resumed>) = 0 [pid 5043] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5042] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5041] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5041] <... futex resumed>) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5041] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] creat("./file1", 000) = 5 [pid 5043] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5043] <... futex resumed>) = 1 [pid 5041] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] write(5, "#! ./bus\n", 9 [pid 5041] <... futex resumed>) = 0 [pid 5042] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5041] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... write resumed>) = 9 [pid 5043] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] <... futex resumed>) = 1 [pid 5042] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] exit_group(0 [pid 5042] <... futex resumed>) = ? [pid 5041] <... exit_group resumed>) = ? [pid 5043] <... futex resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 54.231693][ T5042] loop0: detected capacity change from 0 to 64 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5044 ./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x5555568026a0, 24) = 0 [pid 5044] chdir("./2") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5044] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5045 attached [pid 5045] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5044] <... clone3 resumed> => {parent_tid=[5045]}, 88) = 5045 [pid 5045] <... rseq resumed>) = 0 [pid 5045] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], [pid 5045] <... set_robust_list resumed>) = 0 [pid 5044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], [pid 5044] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5044] <... futex resumed>) = 0 [pid 5045] memfd_create("syzkaller", 0 [pid 5044] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5045] <... memfd_create resumed>) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5045] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5045] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file0", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file0") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5045] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5044] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5045] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5044] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5044] <... futex resumed>) = 0 [pid 5045] <... open resumed>) = 4 [pid 5044] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5045] <... futex resumed>) = 0 [pid 5044] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5044] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5044] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5044] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5045] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0} [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... clone3 resumed> => {parent_tid=[5046]}, 88) = 5046 ./strace-static-x86_64: Process 5046 attached [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5044] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... rseq resumed>) = 0 [pid 5044] <... futex resumed>) = 0 [pid 5046] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5044] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... set_robust_list resumed>) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] creat("./file1", 000) = 5 [pid 5046] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5046] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5045] write(5, "#! ./bus\n", 9 [pid 5044] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5045] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] exit_group(0 [pid 5046] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5044] <... exit_group resumed>) = ? [pid 5045] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 54.326681][ T5045] loop0: detected capacity change from 0 to 64 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5047 ./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x5555568026a0, 24) = 0 [pid 5047] chdir("./3") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5047] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5048] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] <... clone3 resumed> => {parent_tid=[5048]}, 88) = 5048 [pid 5048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5048] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] memfd_create("syzkaller", 0) = 3 [pid 5047] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5048] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5048] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./file0", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./file0") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] <... futex resumed>) = 0 [pid 5048] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5047] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5048] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5048] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5047] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0} [pid 5048] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5047] <... clone3 resumed> => {parent_tid=[5049]}, 88) = 5049 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5049 attached [pid 5048] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5049] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5048] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5048] <... futex resumed>) = 0 [pid 5049] <... set_robust_list resumed>) = 0 [pid 5048] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] creat("./file1", 000) = 5 [pid 5049] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] write(5, "#! ./bus\n", 9 [pid 5049] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5047] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5048] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] exit_group(0 [pid 5049] <... futex resumed>) = ? [pid 5048] <... futex resumed>) = ? [pid 5047] <... exit_group resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 54.436810][ T5048] loop0: detected capacity change from 0 to 64 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x5555568026a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556802690) = 5050 [pid 5050] chdir("./4") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5050] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5051 attached => {parent_tid=[5051]}, 88) = 5051 [pid 5051] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] <... rseq resumed>) = 0 [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5050] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] <... futex resumed>) = 0 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5051] memfd_create("syzkaller", 0) = 3 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5051] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5051] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./file0", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5051] chdir("./file0") = 0 [pid 5051] ioctl(4, LOOP_CLR_FD) = 0 [pid 5051] close(4) = 0 [pid 5051] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] <... futex resumed>) = 0 [pid 5051] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5050] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5051] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5050] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5051] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5050] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5051] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5050] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE [pid 5051] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... mprotect resumed>) = 0 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5052 attached => {parent_tid=[5052]}, 88) = 5052 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5052] set_robust_list(0x7ff0e3a5e9a0, 24) = 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5052] creat("./file1", 000) = 5 [pid 5052] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5050] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5051] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5051] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5051] <... futex resumed>) = ? [pid 5050] <... exit_group resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 [ 54.520626][ T5051] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x5555568026a0, 24) = 0 [pid 5053] chdir("./5") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5053] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5054 attached [pid 5054] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5053] <... clone3 resumed> => {parent_tid=[5054]}, 88) = 5054 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5054] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5054] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./file0", 0777) = 0 [pid 5054] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./file0") = 0 [pid 5054] ioctl(4, LOOP_CLR_FD) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5053] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5054] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5053] <... futex resumed>) = 0 [pid 5054] <... open resumed>) = 4 [pid 5053] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5053] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5053] <... futex resumed>) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5053] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5055 attached => {parent_tid=[5055]}, 88) = 5055 [pid 5054] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5054] <... futex resumed>) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5054] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] creat("./file1", 000) = 5 [pid 5055] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5055] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = 1 [pid 5054] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5053] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] exit_group(0 [pid 5054] <... futex resumed>) = 1 [pid 5053] <... exit_group resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5055] <... futex resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 54.619944][ T5054] loop0: detected capacity change from 0 to 64 rmdir("./5/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5056 ./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x5555568026a0, 24) = 0 [pid 5056] chdir("./6") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5056] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5057 attached => {parent_tid=[5057]}, 88) = 5057 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5057] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5057] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5057] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5057] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./file0", 0777) = 0 [pid 5057] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./file0") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5057] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5056] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5057] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5057] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5057] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5056] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5058 attached [pid 5058] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5056] <... clone3 resumed> => {parent_tid=[5058]}, 88) = 5058 [pid 5058] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] <... set_robust_list resumed>) = 0 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] <... futex resumed>) = 0 [pid 5058] creat("./file1", 000 [pid 5056] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... creat resumed>) = 5 [pid 5058] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5058] <... futex resumed>) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5058] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 0 [pid 5058] write(5, "#! ./bus\n", 9 [pid 5056] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5057] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] exit_group(0 [pid 5058] <... futex resumed>) = 1 [pid 5058] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5056] <... exit_group resumed>) = ? [pid 5057] <... futex resumed>) = ? [pid 5058] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 [ 54.724040][ T5057] loop0: detected capacity change from 0 to 64 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5059 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x5555568026a0, 24) = 0 [pid 5059] chdir("./7") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5059] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5059] <... clone3 resumed> => {parent_tid=[5060]}, 88) = 5060 [pid 5060] <... rseq resumed>) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] <... set_robust_list resumed>) = 0 [pid 5059] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] <... futex resumed>) = 0 [pid 5060] memfd_create("syzkaller", 0 [pid 5059] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5060] <... memfd_create resumed>) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5060] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5060] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file0", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file0") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5059] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5060] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 0 [pid 5060] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5060] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5059] <... futex resumed>) = 1 [pid 5060] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5059] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5059] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE [pid 5060] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... mprotect resumed>) = 0 [pid 5060] <... futex resumed>) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5060] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5061 attached => {parent_tid=[5061]}, 88) = 5061 [pid 5061] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5061] set_robust_list(0x7ff0e3a5e9a0, 24) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5061] creat("./file1", 000) = 5 [pid 5059] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 0 [pid 5061] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... futex resumed>) = 1 [pid 5060] write(5, "#! ./bus\n", 9 [pid 5059] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5060] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] exit_group(0 [pid 5061] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5060] <... futex resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 54.806136][ T5060] loop0: detected capacity change from 0 to 64 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x5555568026a0, 24) = 0 [pid 5062] chdir("./8") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5062] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0} => {parent_tid=[5063]}, 88) = 5063 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5063] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5063] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file0", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file0") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 0 [pid 5063] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5063] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5062] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5062] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5062] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5064 attached => {parent_tid=[5064]}, 88) = 5064 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5063] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... rseq resumed>) = 0 [pid 5063] <... futex resumed>) = 0 [pid 5064] set_robust_list(0x7ff0e3a5e9a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], [pid 5063] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5064] creat("./file1", 000) = 5 [pid 5064] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5064] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] write(5, "#! ./bus\n", 9 [pid 5062] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5063] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] exit_group(0 [pid 5064] <... futex resumed>) = ? [pid 5062] <... exit_group resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5063] <... futex resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 54.904379][ T5063] loop0: detected capacity change from 0 to 64 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x5555568026a0, 24) = 0 [pid 5065] chdir("./9") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs" [pid 5036] <... clone resumed>, child_tidptr=0x555556802690) = 5065 [pid 5065] <... symlink resumed>) = 0 [pid 5065] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5065] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5066 attached => {parent_tid=[5066]}, 88) = 5066 [pid 5066] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... rseq resumed>) = 0 [pid 5066] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... futex resumed>) = 0 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5066] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5066] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./file0", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file0") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5066] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5065] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5066] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5066] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5065] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... open resumed>) = 4 [pid 5066] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5066] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5065] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... futex resumed>) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5065] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE [pid 5066] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... mprotect resumed>) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0} [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5067 attached [pid 5065] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5067] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] <... rseq resumed>) = 0 [pid 5067] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5065] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] <... futex resumed>) = 0 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] creat("./file1", 000) = 5 [pid 5067] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5067] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5066] write(5, "#! ./bus\n", 9 [pid 5065] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5066] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5066] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached , child_tidptr=0x555556802690) = 5068 [pid 5068] set_robust_list(0x5555568026a0, 24) = 0 [ 55.009764][ T5066] loop0: detected capacity change from 0 to 64 [pid 5068] chdir("./10") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5068] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5069 attached => {parent_tid=[5069]}, 88) = 5069 [pid 5069] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5068] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5069] memfd_create("syzkaller", 0 [pid 5068] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... memfd_create resumed>) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5069] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5069] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file0", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file0") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5069] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5069] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5068] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5068] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5069] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0} => {parent_tid=[5070]}, 88) = 5070 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7ff0e3a5e9a0, 24) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] creat("./file1", 000) = 5 [pid 5070] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5069] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] exit_group(0 [pid 5069] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = ? [pid 5068] <... exit_group resumed>) = ? [pid 5069] <... futex resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 55.089917][ T5069] loop0: detected capacity change from 0 to 64 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x5555568026a0, 24) = 0 [pid 5071] chdir("./11") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... clone resumed>, child_tidptr=0x555556802690) = 5071 [pid 5071] <... openat resumed>) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5071] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5072 attached => {parent_tid=[5072]}, 88) = 5072 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5072] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] memfd_create("syzkaller", 0) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5072] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5072] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file0", 0777) = 0 [pid 5072] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file0") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5072] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5071] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5072] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5072] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5071] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5071] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5071] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5071] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5072] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5073 attached => {parent_tid=[5073]}, 88) = 5073 [pid 5073] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5071] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] <... futex resumed>) = 0 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] creat("./file1", 000) = 5 [pid 5073] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5071] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] write(5, "#! ./bus\n", 9 [pid 5071] <... futex resumed>) = 1 [pid 5072] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5071] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] exit_group(0 [pid 5073] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ [pid 5071] <... exit_group resumed>) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x555556802690) = 5074 [pid 5074] set_robust_list(0x5555568026a0, 24) = 0 [pid 5074] chdir("./12") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 55.185315][ T5072] loop0: detected capacity change from 0 to 64 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5074] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5075 attached => {parent_tid=[5075]}, 88) = 5075 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5075] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5075] memfd_create("syzkaller", 0 [pid 5074] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] <... memfd_create resumed>) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5075] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5075] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5075] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5075] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5074] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... open resumed>) = 4 [pid 5075] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5074] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5076 attached [pid 5076] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5076] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5074] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5076] creat("./file1", 000 [pid 5074] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... creat resumed>) = 5 [pid 5076] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5076] <... futex resumed>) = 0 [pid 5074] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5076] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5076] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] exit_group(0 [pid 5076] <... futex resumed>) = ? [pid 5075] <... futex resumed>) = ? [pid 5074] <... exit_group resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 55.271496][ T5075] loop0: detected capacity change from 0 to 64 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x5555568026a0, 24) = 0 [pid 5077] chdir("./13") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5077] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5036] <... clone resumed>, child_tidptr=0x555556802690) = 5077 [pid 5077] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0} => {parent_tid=[5078]}, 88) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] <... rseq resumed>) = 0 [pid 5077] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5077] <... futex resumed>) = 0 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5078] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5078] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file0") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5078] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5077] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5078] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5078] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5077] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... open resumed>) = 4 [pid 5078] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5078] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5077] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0} => {parent_tid=[5079]}, 88) = 5079 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5078] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5079] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5078] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5078] <... futex resumed>) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] creat("./file1", 000) = 5 [pid 5079] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 1 [pid 5077] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 0 [pid 5078] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5078] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] exit_group(0 [pid 5078] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 55.386053][ T5078] loop0: detected capacity change from 0 to 64 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556802690) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x5555568026a0, 24) = 0 [pid 5080] chdir("./14") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5080] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5081 attached [pid 5081] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5080] <... clone3 resumed> => {parent_tid=[5081]}, 88) = 5081 [pid 5081] <... rseq resumed>) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5080] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5081] memfd_create("syzkaller", 0 [pid 5080] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] <... memfd_create resumed>) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5081] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5081] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5081] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5081] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 1 [pid 5080] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5081] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EINVAL (Invalid argument) [pid 5081] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5081] creat("./file1", 000 [pid 5080] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... creat resumed>) = 5 [pid 5081] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5081] write(5, "#! ./bus\n", 9 [pid 5080] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5081] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0 [pid 5081] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... exit_group resumed>) = ? [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.470092][ T5081] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x555556802690) = 5082 [pid 5082] set_robust_list(0x5555568026a0, 24) = 0 [pid 5082] chdir("./15") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5082] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5082] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] <... rseq resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... memfd_create resumed>) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5083] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5083] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [pid 5083] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5083] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5082] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5083] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5083] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5082] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... open resumed>) = 4 [pid 5083] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5082] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053) = 0 [pid 5082] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5084] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... set_robust_list resumed>) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] creat("./file1", 000 [pid 5082] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... creat resumed>) = 5 [pid 5084] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5084] write(5, "#! ./bus\n", 9 [pid 5082] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 5083] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] exit_group(0 [pid 5084] <... futex resumed>) = ? [pid 5083] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 55.560308][ T5083] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached , child_tidptr=0x555556802690) = 5085 [pid 5085] set_robust_list(0x5555568026a0, 24) = 0 [pid 5085] chdir("./16") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5085] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5086 attached [pid 5086] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053 [pid 5085] <... clone3 resumed> => {parent_tid=[5086]}, 88) = 5086 [pid 5086] <... rseq resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] set_robust_list(0x7ff0e3a7f9a0, 24 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... futex resumed>) = 0 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5086] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5086] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5085] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open resumed>) = -1 EINVAL (Invalid argument) [pid 5086] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5085] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open resumed>) = 4 [pid 5086] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5085] <... mmap resumed>) = 0x7ff0e3a3e000 [pid 5085] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5087 attached [pid 5087] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5085] <... clone3 resumed> => {parent_tid=[5087]}, 88) = 5087 [pid 5087] <... rseq resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... futex resumed>) = 0 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] creat("./file1", 000 [pid 5086] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... creat resumed>) = 5 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5087] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 1 [pid 5086] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5085] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5087] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 [ 55.638173][ T5086] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x555556802690) = 5088 [pid 5088] set_robust_list(0x5555568026a0, 24) = 0 [pid 5088] chdir("./17") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5088] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5089 attached [pid 5089] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5089] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... clone3 resumed> => {parent_tid=[5089]}, 88) = 5089 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5089] memfd_create("syzkaller", 0 [pid 5088] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... memfd_create resumed>) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5089] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5089] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file0", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file0") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5089] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5089] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5089] <... futex resumed>) = 1 [pid 5088] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE [pid 5089] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5088] <... mprotect resumed>) = 0 [pid 5089] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5088] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] <... rseq resumed>) = 0 [pid 5090] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... set_robust_list resumed>) = 0 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5090] creat("./file1", 000 [pid 5089] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... creat resumed>) = 5 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5090] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5088] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] write(5, "#! ./bus\n", 9) = -1 ENOSPC (No space left on device) [pid 5089] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] exit_group(0 [pid 5090] <... futex resumed>) = ? [pid 5089] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556803730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 55.727302][ T5089] loop0: detected capacity change from 0 to 64 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555680b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555680b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556803730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x5555568026a0, 24) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556802690) = 5091 [pid 5091] chdir("./18") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7ff0e3ae8fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff0e3ada160}, NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a5f000 [pid 5091] mprotect(0x7ff0e3a60000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a7f990, parent_tid=0x7ff0e3a7f990, exit_signal=0, stack=0x7ff0e3a5f000, stack_size=0x20300, tls=0x7ff0e3a7f6c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5092] rseq(0x7ff0e3a7ffe0, 0x20, 0, 0x53053053) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] set_robust_list(0x7ff0e3a7f9a0, 24) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0db65f000 [pid 5092] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5092] munmap(0x7ff0db65f000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./file0", 0777) = 0 [pid 5092] mount("/dev/loop0", "./file0", "bfs", MS_STRICTATIME, "01777777777777777777777") = 0 [pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file0") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5091] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EINVAL (Invalid argument) [pid 5092] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5092] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5091] futex(0x7ff0e3b4a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... open resumed>) = 4 [pid 5092] futex(0x7ff0e3b4a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7ff0e3b4a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] futex(0x7ff0e3b4a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff0e3a3e000 [pid 5091] mprotect(0x7ff0e3a3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff0e3a5e990, parent_tid=0x7ff0e3a5e990, exit_signal=0, stack=0x7ff0e3a3e000, stack_size=0x20300, tls=0x7ff0e3a5e6c0}./strace-static-x86_64: Process 5093 attached [pid 5093] rseq(0x7ff0e3a5efe0, 0x20, 0, 0x53053053 [pid 5091] <... clone3 resumed> => {parent_tid=[5093]}, 88) = 5093 [pid 5093] <... rseq resumed>) = 0 [pid 5093] set_robust_list(0x7ff0e3a5e9a0, 24 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] <... set_robust_list resumed>) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5093] creat("./file1", 000 [pid 5091] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... creat resumed>) = 5 [pid 5093] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7ff0e3b4a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7ff0e3b4a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] write(5, "#! ./bus\n", 9) = 9 [pid 5093] futex(0x7ff0e3b4a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [ 55.822288][ T5092] loop0: detected capacity change from 0 to 64 [ 55.855877][ T5092] ------------[ cut here ]------------ [ 55.861591][ T5092] WARNING: CPU: 0 PID: 5092 at fs/buffer.c:1188 mark_buffer_dirty+0x376/0x3e0 [ 55.870530][ T5092] Modules linked in: [ 55.874428][ T5092] CPU: 0 PID: 5092 Comm: syz-executor341 Not tainted 6.6.0-rc5-syzkaller-00243-g727fb8376504 #0 [ 55.884844][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 55.895255][ T5092] RIP: 0010:mark_buffer_dirty+0x376/0x3e0 [ 55.901249][ T5092] Code: e9 ff e6 89 ff e8 fa e6 89 ff 48 89 ef e8 42 87 e7 ff 5b 5d e9 eb e6 89 ff e8 e6 e6 89 ff 0f 0b e9 10 fe ff ff e8 da e6 89 ff <0f> 0b e9 b7 fc ff ff e8 ce e6 89 ff 0f 0b e9 d6 fc ff ff 48 89 df [ 55.921096][ T5092] RSP: 0018:ffffc90003bcf968 EFLAGS: 00010293 [ 55.927179][ T5092] RAX: 0000000000000000 RBX: ffff888076754488 RCX: 0000000000000000 [ 55.935191][ T5092] RDX: ffff8880268f1dc0 RSI: ffffffff81fde006 RDI: 0000000000000001 [ 55.943192][ T5092] RBP: ffff888076753e00 R08: 0000000000000001 R09: 0000000000000000 [ 55.951192][ T5092] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000009 [ 55.959214][ T5092] R13: ffff8880275ca000 R14: dffffc0000000000 R15: ffffed1004eb942c [ 55.967202][ T5092] FS: 00007ff0e3a7f6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 55.976221][ T5092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.982869][ T5092] CR2: 0000000020004000 CR3: 00000000177ca000 CR4: 0000000000350ef0 [ 55.990886][ T5092] Call Trace: [ 55.994161][ T5092] [ 55.997077][ T5092] ? show_regs+0x8f/0xa0 [ 56.001359][ T5092] ? __warn+0xe6/0x380 [ 56.005445][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.010576][ T5092] ? report_bug+0x3bc/0x580 [ 56.015095][ T5092] ? handle_bug+0x3c/0x70 [pid 5093] futex(0x7ff0e3b4a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0) = ? [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [ 56.019492][ T5092] ? exc_invalid_op+0x17/0x40 [ 56.024191][ T5092] ? asm_exc_invalid_op+0x1a/0x20 [ 56.029281][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.034592][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.039778][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.044899][ T5092] bfs_get_block+0x37f/0xdd0 [ 56.049524][ T5092] ? _raw_spin_unlock+0x28/0x40 [ 56.054393][ T5092] ? bfs_write_begin+0xd0/0xd0 [ 56.059225][ T5092] __block_write_begin_int+0x3c0/0x1560 [ 56.064786][ T5092] ? bfs_write_begin+0xd0/0xd0 [ 56.069600][ T5092] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 56.075175][ T5092] ? folio_flags+0x71/0x1f0 [ 56.079735][ T5092] block_write_begin+0xb1/0x490 [ 56.084596][ T5092] ? bfs_write_begin+0xd0/0xd0 [ 56.089389][ T5092] bfs_write_begin+0x31/0xd0 [ 56.093988][ T5092] generic_perform_write+0x278/0x600 [ 56.099348][ T5092] ? folio_add_wait_queue+0x1c0/0x1c0 [ 56.104749][ T5092] ? generic_write_checks+0x2b0/0x3f0 [ 56.110195][ T5092] __generic_file_write_iter+0x1f9/0x240 [ 56.115849][ T5092] generic_file_write_iter+0xe3/0x350 [ 56.121254][ T5092] vfs_write+0x650/0xe40 [ 56.125483][ T5092] ? kernel_write+0x6c0/0x6c0 [ 56.130185][ T5092] ? __fget_files+0x272/0x410 [ 56.134886][ T5092] ksys_write+0x12f/0x250 [ 56.139292][ T5092] ? __ia32_sys_read+0xb0/0xb0 [ 56.144067][ T5092] ? lockdep_hardirqs_on+0x7d/0x100 [ 56.149312][ T5092] ? _raw_spin_unlock_irq+0x2e/0x50 [ 56.154518][ T5092] ? ptrace_notify+0xf4/0x130 [ 56.159252][ T5092] do_syscall_64+0x38/0xb0 [ 56.163687][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.169641][ T5092] RIP: 0033:0x7ff0e3ac2b99 [ 56.174060][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 56.193688][ T5092] RSP: 002b:00007ff0e3a7f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.202158][ T5092] RAX: ffffffffffffffda RBX: 00007ff0e3b4a6c8 RCX: 00007ff0e3ac2b99 [ 56.210165][ T5092] RDX: 000000000208e24b RSI: 0000000020000440 RDI: 0000000000000004 [ 56.218184][ T5092] RBP: 00007ff0e3b4a6c0 R08: 0000000000000000 R09: 0000000000000000 [ 56.226311][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0e3b170c0 [ 56.234357][ T5092] R13: 00007ff0e3b1706b R14: 0030656c69662f2e R15: 0031656c69662f2e [ 56.242381][ T5092] [ 56.245418][ T5092] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 56.252698][ T5092] CPU: 0 PID: 5092 Comm: syz-executor341 Not tainted 6.6.0-rc5-syzkaller-00243-g727fb8376504 #0 [ 56.263113][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 56.273160][ T5092] Call Trace: [ 56.276429][ T5092] [ 56.279352][ T5092] dump_stack_lvl+0xd9/0x1b0 [ 56.283938][ T5092] panic+0x6a6/0x750 [ 56.287823][ T5092] ? panic_smp_self_stop+0xa0/0xa0 [ 56.292937][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.298039][ T5092] check_panic_on_warn+0xab/0xb0 [ 56.302970][ T5092] __warn+0xf2/0x380 [ 56.306863][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.311966][ T5092] report_bug+0x3bc/0x580 [ 56.316287][ T5092] handle_bug+0x3c/0x70 [ 56.320434][ T5092] exc_invalid_op+0x17/0x40 [ 56.324927][ T5092] asm_exc_invalid_op+0x1a/0x20 [ 56.329774][ T5092] RIP: 0010:mark_buffer_dirty+0x376/0x3e0 [ 56.335480][ T5092] Code: e9 ff e6 89 ff e8 fa e6 89 ff 48 89 ef e8 42 87 e7 ff 5b 5d e9 eb e6 89 ff e8 e6 e6 89 ff 0f 0b e9 10 fe ff ff e8 da e6 89 ff <0f> 0b e9 b7 fc ff ff e8 ce e6 89 ff 0f 0b e9 d6 fc ff ff 48 89 df [ 56.355081][ T5092] RSP: 0018:ffffc90003bcf968 EFLAGS: 00010293 [ 56.361137][ T5092] RAX: 0000000000000000 RBX: ffff888076754488 RCX: 0000000000000000 [ 56.369093][ T5092] RDX: ffff8880268f1dc0 RSI: ffffffff81fde006 RDI: 0000000000000001 [ 56.377052][ T5092] RBP: ffff888076753e00 R08: 0000000000000001 R09: 0000000000000000 [ 56.385009][ T5092] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000009 [ 56.392964][ T5092] R13: ffff8880275ca000 R14: dffffc0000000000 R15: ffffed1004eb942c [ 56.400929][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.406036][ T5092] ? mark_buffer_dirty+0x376/0x3e0 [ 56.411144][ T5092] bfs_get_block+0x37f/0xdd0 [ 56.415749][ T5092] ? _raw_spin_unlock+0x28/0x40 [ 56.420589][ T5092] ? bfs_write_begin+0xd0/0xd0 [ 56.425341][ T5092] __block_write_begin_int+0x3c0/0x1560 [ 56.430885][ T5092] ? bfs_write_begin+0xd0/0xd0 [ 56.435643][ T5092] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 56.441182][ T5092] ? folio_flags+0x71/0x1f0 [ 56.445676][ T5092] block_write_begin+0xb1/0x490 [ 56.450520][ T5092] ? bfs_write_begin+0xd0/0xd0 [ 56.455275][ T5092] bfs_write_begin+0x31/0xd0 [ 56.459862][ T5092] generic_perform_write+0x278/0x600 [ 56.465145][ T5092] ? folio_add_wait_queue+0x1c0/0x1c0 [ 56.470508][ T5092] ? generic_write_checks+0x2b0/0x3f0 [ 56.475885][ T5092] __generic_file_write_iter+0x1f9/0x240 [ 56.481512][ T5092] generic_file_write_iter+0xe3/0x350 [ 56.486882][ T5092] vfs_write+0x650/0xe40 [ 56.491115][ T5092] ? kernel_write+0x6c0/0x6c0 [ 56.495788][ T5092] ? __fget_files+0x272/0x410 [ 56.500464][ T5092] ksys_write+0x12f/0x250 [ 56.504782][ T5092] ? __ia32_sys_read+0xb0/0xb0 [ 56.509535][ T5092] ? lockdep_hardirqs_on+0x7d/0x100 [ 56.514726][ T5092] ? _raw_spin_unlock_irq+0x2e/0x50 [ 56.519913][ T5092] ? ptrace_notify+0xf4/0x130 [ 56.524580][ T5092] do_syscall_64+0x38/0xb0 [ 56.528985][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.534871][ T5092] RIP: 0033:0x7ff0e3ac2b99 [ 56.539362][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 56.558954][ T5092] RSP: 002b:00007ff0e3a7f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.567352][ T5092] RAX: ffffffffffffffda RBX: 00007ff0e3b4a6c8 RCX: 00007ff0e3ac2b99 [ 56.575320][ T5092] RDX: 000000000208e24b RSI: 0000000020000440 RDI: 0000000000000004 [ 56.583279][ T5092] RBP: 00007ff0e3b4a6c0 R08: 0000000000000000 R09: 0000000000000000 [ 56.591252][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0e3b170c0 [ 56.599211][ T5092] R13: 00007ff0e3b1706b R14: 0030656c69662f2e R15: 0031656c69662f2e [ 56.607178][ T5092] [ 56.611149][ T5092] Kernel Offset: disabled [ 56.615522][ T5092] Rebooting in 86400 seconds..